North Korean hackers use Windows Update and GitHub in spear phishing attack
Malwarebytes recently discovered a campaign perpetrated by the advanced persistent threat group (APT) known as Lazarus. The campaign used spear phishing attacks that included malicious documents disguised as information about job opportunities with Lockheed Martin. As part of its attack methodology, the Lazarus group uses Windows Update and GitHub to bypass security software.
Malwarebytes thoroughly breaks down the attack in technical terms. One part of the campaign uses Windows Update to bypass security detection mechanisms. Malwarebytes notes that this is a "clever" use of Windows Update.
"This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client to bypass security detection mechanisms," said Malwarebytes. "With this method, the threat actor can execute its malicious code through the Microsoft Windows Update client..."
The Lazarus group also used GitHub in its attack. Using GitHub makes it difficult for security products to tell the difference between malicious and legitimate content. This is the first time that Malwarebytes has observed the group using GitHub in this way.
"Rarely do we see malware using GitHub as C2 and this is the first time we've observed Lazarus leveraging it," explained Malwarebytes. "Using GitHub as a C2 has its own drawbacks but it is a clever choice for targeted and short term attacks as it makes it harder for security products to differentiate between legitimate and malicious connections."
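Both techniques described above (a malicious DLL executed through the Windows Update client, and GitHub used as command-and-control) leave traces in ordinary endpoint telemetry. The following is an added example written for this page, not code from the article or from Malwarebytes: it runs two simple detection rules over a handful of constructed Sysmon-style events. The rule for the Windows Update client keys on the `wuauclt.exe /UpdateDeploymentProvider <dll> /RunHandlerComServer` switch pair, which is the publicly documented way that client loads a DLL; the article itself does not name the switches, so treat that pattern and the process allowlist as assumptions to tune for your own environment.

```python
import re
from dataclasses import dataclass

# Constructed Sysmon-style sample events (EventID 1 = process creation,
# EventID 3 = network connection). Made up for this example, not real telemetry.
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Windows\\System32\\wuauclt.exe" '
    'CommandLine="wuauclt.exe /UpdateDeploymentProvider C:\\Users\\Public\\wuaueng.dll /RunHandlerComServer" '
    'ParentImage="C:\\Windows\\System32\\cmd.exe"',
    'EventID=1 Image="C:\\Windows\\System32\\wuauclt.exe" '
    'CommandLine="wuauclt.exe /detectnow" ParentImage="C:\\Windows\\System32\\svchost.exe"',
    'EventID=3 Image="C:\\Users\\alice\\AppData\\Local\\Temp\\drops.exe" '
    'DestinationHostname=api.github.com DestinationPort=443',
    'EventID=3 Image="C:\\Program Files\\Git\\mingw64\\bin\\git-remote-https.exe" '
    'DestinationHostname=github.com DestinationPort=443',
    'EventID=3 Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" '
    'DestinationHostname=raw.githubusercontent.com DestinationPort=443',
]

# GitHub endpoints a C2 channel would plausibly use (assumed list).
GITHUB_HOSTS = {
    "github.com", "api.github.com", "raw.githubusercontent.com",
    "gist.github.com", "objects.githubusercontent.com",
}
# Processes expected to talk to GitHub on a developer workstation (assumed; tune per site).
GITHUB_ALLOWLIST = {
    "firefox.exe", "chrome.exe", "msedge.exe", "git.exe",
    "git-remote-https.exe", "code.exe",
}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
DLL_RE = re.compile(r"/updatedeploymentprovider\s+(\S+)", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    image: str
    detail: str


def parse_event(line: str) -> dict:
    """Parse a key=value event line; values with spaces are double-quoted."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_wuauclt(ev: dict):
    """Flag the Windows Update client being told to load an arbitrary DLL."""
    if ev.get("EventID") != "1" or basename(ev.get("Image", "")) != "wuauclt.exe":
        return None
    cmd = ev.get("CommandLine", "")
    if "/runhandlercomserver" not in cmd.lower():
        return None
    m = DLL_RE.search(cmd)
    dll = m.group(1) if m else "<no dll path>"
    return Finding("wuauclt-dll-load", ev["Image"], dll)


def check_github(ev: dict):
    """Flag GitHub connections from processes that have no business making them."""
    if ev.get("EventID") != "3":
        return None
    host = ev.get("DestinationHostname", "").lower()
    if host in GITHUB_HOSTS and basename(ev.get("Image", "")) not in GITHUB_ALLOWLIST:
        return Finding("github-c2-candidate", ev["Image"], host)
    return None


def analyze(lines) -> list:
    findings = []
    for line in lines:
        ev = parse_event(line)
        for check in (check_wuauclt, check_github):
            f = check(ev)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.image} -> {f.detail}")
```

Run against the constructed events, the first rule fires only on the wuauclt invocation that names a DLL under `C:\Users\Public` (the routine `/detectnow` call is ignored), and the second fires only on the unknown binary in a temp directory, not on the browser or the git helper. The allowlist is what keeps the GitHub rule usable: without it, the rule drowns in legitimate developer traffic, which is exactly the cover the quoted analysis says the attackers were after.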
The Lazarus group previously used spear phishing tactics to obtain COVID-19 research. Lazarus was also connected to the well-known attack on Sony and the WannaCry ransomware attack.
Lazarus was also alleged to be involved in the theft of $400 million worth of cryptocurrency in 2022.
Updated Feb 2022
Source: https://www.windowscentral.com/windows-update-used-bypass-security-software-north-korean-cybercrime-group