The APT known as Lazarus conducted spear phishing attacks with weaponized documents masquerading as Lockheed Martin. These weaponized documents perform a series of injections to achieve startup persistence on the victims system. As part of this killchain the Windows Update service is abused for payload execution and Github is utilzed as a C2 to deliver remote commands.
Malwarebytes researches have shared a full synopsis here:
MITRE ATT&CK Lazarus profile:
https://attack.mitre.org/groups/G0032/
Asian Government’s Espionage Campaign Breached Critical Infrastructure in 37 Countries Article Link: https://www.cybersecuritydive.com/news/asian-governments-espionage-campaign-breached-critical-infrastructure-in-3/811472/ CISA Tells Agencies to Stop Using Unsupported Edge Devices Article Link: https://cyberscoop.com/cisa-bod-directive-unsupported-edge-devices-firewalls-routers/
FBI Seizes RAMP Cybercrime Forum Used by Ransomware Gangs Article Link: https://www.bleepingcomputer.com/news/security/fbi-seizes-ramp-cybercrime-forum-used-by-ransomware-gangs/ U.S. Charges 31 Suspects in Nationwide ATM Jackpotting Scam Article Link: https://hackread.com/us-charges-atm-jackpotting-scam-suspects/ Nike
