Lazarus incorporates payloads in BMP images

April 20, 2021

In a recent phishing operation, the Lazarus group changed its loader obfuscation tactics by hiding the payload inside image files. Lazarus is a North Korean state-sponsored advanced persistent threat (APT) group.

The attack chain begins with a phishing Microsoft Office document (참가신청서양식.doc) with a Korean-language lure. Intended victims are asked to enable macros in order to view the file's content, which in turn triggers the malicious payload.
