Security experts spot new Lazarus attacks targeting English speaking world

Park Sae-jin Reporter Posted : 2018-11-13 17:19 Updated : 2018-11-13 17:19
글씨작게 글씨크게

[Courtesy of ESTsecurity]


SEOUL -- South Korean security experts have spotted a new case of cyber attacks targeting English speaking countries by using a method similar to that of Lazarus, a hacking group suspected of being tied to North Korea.

ESTsecurity, a Seoul-based online security firm, said in a statement uploaded onto its website Tuesday that it detected malicious files disguised as ordinary documents which run on Microsoft Office, a word processing program, for an advanced persistent threat (APT) attack. The corrupted file guides targeted people to run a pre-mapped sequence called "macro" to control infected computers.

The security firm found in October that Lazarus was suspected of using the same method for cyber attacks on South Koreans. "Malicious files seem to target people living in English speaking countries, but it is highly possible that they were created using a Korean-based system as the code pages are configured in Korean," it said.

Symantec, a US-based anti-virus firm, said earlier that Lazarus was suspected of staging WannaCry ransomware attacks that infected hundreds of thousands of computers across the world in 2017. The ransomware intrudes computers in a form of a worm virus and encrypts all files, leaving users inaccessible to them. Users must pay the hackers in Bitcoins, a digital payment system, to regain control of their computers.