The APT known as Lazarus conducted spear phishing attacks with weaponized documents masquerading as Lockheed Martin. These weaponized documents perform a series of injections to achieve startup persistence on the victims system. As part of this killchain the Windows Update service is abused for payload execution and Github is utilzed as a C2 to deliver remote commands.
Malwarebytes researches have shared a full synopsis here:
MITRE ATT&CK Lazarus profile:
https://attack.mitre.org/groups/G0032/
CISA Urges US Orgs to Secure Microsoft Intune Systems After Stryker Breach Article Link: https://www.bleepingcomputer.com/news/security/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach/ The Industrialization of Identity Compromise: How Attackers Are Scaling Faster
MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack Article Link: https://www.securityweek.com/medtech-giant-stryker-crippled-by-iran-linked-hacker-attack/ ShinyHunters Claims Ongoing Salesforce Aura Data Theft Attacks Article Link: https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/ Attackers Don’t Just
