"Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack"

Researchers at Kaspersky have found that the advanced persistent threat (APT) known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries’ vaccine-development efforts. The Lazarus Group, widely believed to be linked to North Korea, recently attacked a pharmaceutical company and a government health ministry related to the COVID-19 response. The goal of the APT was intellectual-property theft. The group is mostly known for its financial activities, but the attacks are a good reminder that it can go after strategic research as well, the researchers stated. In the first cyberattack, the adversaries installed sophisticated malware called “wAgent” on the government health ministry’s servers. The malware is fileless (it only works in memory) and fetches additional payloads from a remote server. In the cyberattack against the pharma company, the Lazarus Group deployed Bookcode malware in a likely supply-chain attack through a South Korean software company.

Threatpost reports: "Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack"
