North Korean Lazarus hackers launch large-scale cyberattack by cloning open source software




  • Lazarus was seen poisoning open source software with infostealers
  • The campaign is dubbed Phantom Circuit, and targets mostly European software devs
  • Multiple repositories were found poisoned with malware

The notorious North Korean hackers Lazarus have been targeting software developers, particularly those in the Web3 industry, with infostealing malware, grabbing their credentials, authentication tokens, and other valuable data, experts have warned.

Cybersecurity researchers SecurityScorecard released a report detailing the campaign, which included a software supply-chain attack and open-source poisoning.

Lazarus Group, an infamous hacking collective on North Korea’s payroll, was spotted grabbing different open source tools, poisoning them with malicious code, and then returning them to code repositories and platforms such as GitLab.

Targeting Web3 devs

Developers would then pick up these tools by mistake, and would unknowingly get infected with malware.

The researchers named the operation Phantom Circuit, and it apparently ended up compromising more than 1,500 victims. Most of them are based in Europe, with notable additions from India and Brazil.

The modified repositories apparently included Codementor, CoinProperty, Web3 E-Store, a Python-based password manager, and “other cryptocurrency-related apps, authentication packages, and web3 technologies”, according to Ryan Sherstobitoff, senior VP of research and threat intelligence at SecurityScorecard.

The researchers did not say if Lazarus used any known infostealer in this campaign, or created new code from scratch. The group is known for using a wide variety of tools in their attacks.

Lazarus often targets cryptocurrency companies. Some researchers are saying the country is engaging in crypto theft to fund its state apparatus, as well as its weapons program. The group is famous for its fake job campaign, called Operation DreamJob, in which it targets Web3 software developers with fake, lucrative job offers.

During the interview stages, the attackers would trick the candidate into downloading and running infostealers, grabbing their tokens, and those of their employers. In one such instance, Lazarus managed to steal roughly $600 million.
