"Lazarus Using Windows Update, GitHub to Deploy Malware"

Lazarus, the North Korean Advanced Persistent Threat (APT) group, has launched a new spear-phishing campaign that abuses Windows Update to deploy malware and uses GitHub as a command-and-control (C2) server. The Lazarus Group has been sanctioned by the US and the United Nations, and has been linked to North Korea's primary intelligence agency, the Reconnaissance General Bureau. The APT group carried out spear-phishing attacks using malicious documents themed around known job opportunities. Two decoy documents were discovered luring potential victims with new job opportunities at the American global security and aerospace giant Lockheed Martin. The Malwarebytes Threat Intelligence team spotted the new campaign on January 18, 2022, and attributed it to Lazarus based on the attack techniques used. The malicious documents' metadata also links the campaign to several other documents previously used by Lazarus. Xueyin Peh, senior cyber threat intelligence analyst at Digital Shadows, believes the impersonation of Lockheed Martin in the latest campaign indicates that the North Korean regime wants defense-related information. This article continues to discuss the history of the Lazarus Group, the threat actors' latest campaign, the use of GitHub for C2 communication, and other recent Lazarus activities.

GovInfoSecurity reports "Lazarus Using Windows Update, GitHub to Deploy Malware"

Submitted by Anonymous on