The APT known as Lazarus conducted spear phishing attacks with weaponized documents masquerading as Lockheed Martin. These weaponized documents perform a series of injections to achieve startup persistence on the victims system. As part of this killchain the Windows Update service is abused for payload execution and Github is utilzed as a C2 to deliver remote commands.
Malwarebytes researches have shared a full synopsis here:
MITRE ATT&CK Lazarus profile:
https://attack.mitre.org/groups/G0032/
Oracle Confirms “Obsolete Servers” Hacked Article link: https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/ Phishing Kits Now Vet Victims in Real-Time Before Stealing Credentials Article link: https://www.bleepingcomputer.com/news/security/phishing-kits-now-vet-victims-in-real-time-before-stealing-credentials/ Neptune RAT
Criminal Group Claims Responsibility for Cyberattack on Minnesota Casino Article Link: https://cdcgaming.com/brief/cybersecurity-incident-at-minnesota-tribal-community-casino-prompts-shutdown/ As CISA Downsizes, Where Can Enterprises Get Support? Article Link: https://www.darkreading.com/cybersecurity-operations/roundtable-cisa-downsizes-where-can-enterprises-look-support Oracle Privately
