South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days

At least six South Korean organizations in the financial, IT, semiconductor, software, and telecommunications sectors have been targeted in a recent campaign attributed to the North Korean APT Lazarus, Kaspersky reports.

While Lazarus’ targeting of South Korea is nothing new, the new attacks stand out because they combine a watering hole strategy with the exploitation of vulnerabilities in software used by organizations in the country.

As part of the campaign, dubbed Operation SyncHole, Lazarus exploited a vulnerability in Cross EX, an application used by South Korean companies to ensure that mandatory security software runs in browser environments.

The country’s internet environment requires that online banking and government websites use specific security software for anti-keylogging and certificate-based digital signatures. These applications run in the background to interact with the browser.

“The Lazarus group shows a strong grasp of these specifics and is using a South Korea-targeted strategy that combines vulnerabilities ...