North Korean Hackers Using Windows Update Service to Infect PCs with Malware

28-Jan-22

The renowned Lazarus Group has been observed mounting a new campaign that uses the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques the APT group uses to further its objectives.

The Lazarus Group, a North Korean nation-state hacking outfit previously known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, has been operating since at least 2009. Last year, the threat actor was tied to a sophisticated social engineering campaign aimed at security experts.
