Severity
Medium
Analysis Summary
The Lazarus campaign aimed at Russian banks uses malicious Office documents delivered as ZIP files, along with a PDF document called NDA_USA.pdf that contains an agreement from StarForce Technologies, a Russian software company that provides copy protection software.
Moreover, researchers have observed increased targeting of interbank networks by the Lazarus group. These networks connect the ATMs of issuing banks, enabling ATM cards issued by members to work across all connected ATMs. Recently observed campaigns leverage social engineering and subsequent spear-phishing emails sent to employees of targeted organizations. The emails contain malicious attachments that, when opened, download known Lazarus malware.
Impact
Lazarus Attack
Indicators of Compromise
Remediation