North Korean Hackers Target Defense Industry With ThreatNeedle Backdoor

The cyber espionage campaign targeting the defense industry with custom backdoor malware ThreatNeedle to steal sensitive information was coordinated by DPRK-backed state hackers tracked as Lazarus Group. The attacks started in early 2020 with the spear-phishing emails with malicious attachments or links to gain access to companies' internal networks. After the initial compromise, hackers installed a custom-made backdoor tracked as ThreatNeedle to get full control over the infected device, allowing hackers to manipulate files and remotely executing commands. ThreatNeedle allowed the attackers to move laterally throughout the defense orgs' networks and harvest sensitive info that got exfiltrated to attacker-controlled servers using a custom tunneling tool via SSH tunnels to remote compromised South Korean servers. Read more...