Lazarus Group Identified Targeting Nuclear Engineers Using CookiePlus Malware


Lazarus Group’s New Malware "CookiePlus" Targets Nuclear Sector in Sophisticated Cyber Espionage Campaign

Lazarus Group’s New Malware Threatens Nuclear Sectors in Operation Dream Job

In a startling revelation, cybersecurity firm Kaspersky has reported that the notorious Lazarus Group, linked to North Korea, has initiated a fresh wave of cyberattacks targeting employees at a nuclear-related organization. During January 2024, the group deployed sophisticated malware dubbed CookiePlus as part of its ongoing espionage campaign known as Operation Dream Job.

This latest round of attacks is characterized by a "complex infection chain" deployed through tailored job opportunities aimed at enticing personnel in sensitive fields. Kaspersky details that the group’s strategies include sending malicious documents and trojanized application downloads under the guise of skills assessments for reputable aerospace and defense companies.

The attack primarily relies on trojanized remote access tools, notably a vulnerable version of VNC, disguised as legitimate software. Once inside the network, the malware lets the attackers move laterally across the system, gather sensitive data, and deploy additional harmful payloads while remaining stealthy.

Research indicates that CookiePlus is an evolutionary step, potentially superseding an earlier threat, MISTPEN, given the behavioral similarities between the two. These malicious programs masquerade as innocent plugins, such as plugins for Notepad++, which makes them particularly deceptive.

Kaspersky’s findings come on the heels of alarming trends highlighting North Korea’s rising cybercriminal activities. In 2024 alone, $1.34 billion has been siphoned through various cryptocurrency hacks, indicating a troubling escalation in the nation’s cyber capabilities.

As the stakes in the cyber realm continue to rise, experts underscore the importance of vigilance from organizations in critical sectors to combat such unprecedented threats.
