The Lazarus Group uses a new CookiePlus module for sophisticated cyberattacks on the nuclear industry

20 December 2024. Author: Newsman

The Lazarus Group, a group linked to the North Korean regime, carried out a series of cyberattacks that led to the introduction of a new modular CookiePlus backdoor.

The attacks were aimed at employees of the nuclear organization in January 2024. The main attack method was to send infected utilities, such as VNC Trojans, to assess the technical skills of the victim. One of the attacks, called “DeathNote,” used the “AmazonVNC.exe” malware to deploy the MISTPEN backdoor and the new CookiePlus module. CookiePlus got its name because it was disguised as a Notepad++ plugin. The module was capable of collecting system information, executing malicious commands and running in the background. To spread, the module used DLL sideloading to obtain encrypted data from the command-and-control (C2) server. The CookiePlus module shows similarities to the previous MISTPEN malware, confirming that the Lazarus arsenal is evolving.

Lazarus is known for its sophisticated espionage operations, such as NukeSped and DeathNote, targeting key sectors including the nuclear, defense and cryptocurrency industries. The group uses both technological innovation and social engineering to gain access to its targets’ systems. In 2024, special attention was paid to the development of modular software that can be adapted for different purposes. Using CookiePlus has become an important step in bypassing the latest protection systems.

Lazarus Group cyberattacks using CookiePlus confirm the growing threat to key sectors of the economy. This highlights the need to strengthen cybersecurity, especially in the context of modular malware.
