Lazarus Group’s Operation SyncHole targeted six South Korean sectors using watering hole attacks and software exploits. They leveraged flaws in Cross EX and Innorix Agent to deploy malware like ThreatNeedle and SIGNBT. The goal was persistence, data theft, and lateral movement. Kaspersky warns of ongoing, evolving threats to South Korean supply chains.

‍