The APT known as Lazarus conducted spear phishing attacks with weaponized documents masquerading as Lockheed Martin. These weaponized documents perform a series of injections to achieve startup persistence on the victims system. As part of this killchain the Windows Update service is abused for payload execution and Github is utilzed as a C2 to deliver remote commands.
Malwarebytes researches have shared a full synopsis here:
MITRE ATT&CK Lazarus profile:
https://attack.mitre.org/groups/G0032/
Staying One Step Ahead Article Link: https://www.fbi.gov/contact-us/field-offices/jacksonville/news/staying-one-step-ahead New USF Program Focused on AI and Cybersecurity Article Link: https://www.fox13news.com/news/new-usf-program-focused-ai-cyber-security Executives Warned About Celebrity Podcast Scams Article
DEF CON Research Takes Aim at ZTNA, Calls It a Bust Article Link: https://www.networkworld.com/article/4039042/def-con-research-takes-aim-at-ztna-calls-it-a-bust.html Personalization in Phishing: Advanced Tactics for Malware Article Link: https://cofense.com/blog/personalization-in-phishing-advanced-tactics-for-malware-delivery Gemini
