The APT known as Lazarus conducted spear phishing attacks with weaponized documents masquerading as Lockheed Martin. These weaponized documents perform a series of injections to achieve startup persistence on the victims system. As part of this killchain the Windows Update service is abused for payload execution and Github is utilzed as a C2 to deliver remote commands.
Malwarebytes researches have shared a full synopsis here:
MITRE ATT&CK Lazarus profile:
https://attack.mitre.org/groups/G0032/
Ransomware Disruptions Contributed to a Patient Death, NHS Finds Article Link: https://www.techradar.com/pro/security/ransomware-disruptions-contributed-to-a-patient-death-nhs-finds Scans Probing for MOVEit Systems May Be Precursor to Attacks Article Link: https://www.databreachtoday.com/scans-probing-for-moveit-systems-may-be-precursor-to-attacks-a-28832
Law Enforcement Takedowns Disrupt Cybercrimes Across the Globe Article Link: https://cyberscoop.com/cybercrime-crackdown-operation-endgame-operation-secure/ Microsoft 365 to Block File Access Via Legacy Auth by Default Article link:
