The Lazarus Group continues to demonstrate its ability to adapt and remains a serious threat in the world of cybercrime. These supply chain attacks take advantage of the trust we place in vendors, especially security vendors, and in the tools that we install in our environments. These tools often run with a high level of permissions, which makes deploying malicious payloads a trivial task. Unfortunately, the compromised tools may even be the same tools tasked with stopping or discovering an intrusion.
Because the Lazarus Group commonly uses spear-phishing as an initial attack vector, organizations defending against these attacks should ensure they are teaching users how to spot and report these social engineering attacks. In addition, using simulated phishing attacks to help users practice and improve their skills at spotting real attacks can provide a significant reduction in risk.