North Korean hackers use new method to dodge security programs
Cybersecurity firm outlines Lazarus-attributed phishing attempt in recent report
Hackers linked to North Korea deployed a new means of extracting malware by hiding it inside a legitimate-looking command to convert a PNG image into a BMP image, according to a new report from security company Malwarebytes.
Based on similarities to previous code and tactics, researchers at Malwarebytes attributed the phishing attack to the North Korea-linked Lazarus Group, which harnessed a Korean-language Microsoft Office Word document enabled with a malicious macro.
“This is the first time I saw Lazarus using this technique,” said Hossein Jazi, a threat intelligence researcher at Malwarebytes and the report’s