jiloassistant.blogg.se

Lazarus group history

Having been in the limelight in the cyber threat arena since 2009, Lazarus hackers are constantly challenging cyber defenders with new threats and enhanced offensive capabilities. In the latest DeathNote campaign, the group's experiments with new targets and its use of more sophisticated tools and techniques require a fast response from the defensive side.

Lazarus Hacker Group's Attack Analysis: What's Behind DeathNote Campaign

The infamous North Korean threat actor is rapidly evolving its toolkit and strategies related to the long-lasting DeathNote campaign.

Detecting DeathNote Campaign by Lazarus Hacker Squad

Due to the high volume of attacks attributed to the Lazarus hacking collective and its constantly evolving adversary toolkit, forward-looking organizations are striving to strengthen their cyber defense capabilities and proactively detect related threats. By clicking the Explore Detections button, defenders can reach the entire list of Sigma rules for Lazarus Group activity detection. To ensure cross-tool compatibility, each rule can be instantly translated to 20+ SIEM, EDR, XDR, and BDP solutions. All detection algorithms are enriched with CTI, ATT&CK links, executable binaries, and more relevant metadata for simplified threat investigation.

Cybersecurity professionals looking for ways to monetize their detection and hunting ideas can tap into the power of the Threat Bounty Program to share their own Sigma rules with industry peers and contribute to collective expertise while converting their skills into financial benefits.

To help organizations identify this adversary activity in their infrastructure in time, SOC Prime has recently released a new Sigma rule written by Threat Bounty developer Emre Ay:

Possible Discovery Activity of Lazarus Apt Group by Accessing the Default Domain Controllers Policy (via process_creation)

This Sigma rule detects recent Lazarus APT Group activity in which the adversary accesses the Default Domain Controllers Policy (the default Group Policy Object linked to the Domain Controllers OU) to discover information about the compromised environment. The detection is aligned with the MITRE ATT&CK® framework v12, addressing the Discovery tactic and the corresponding Group Policy Discovery (T1615) technique.
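The rule's actual selection logic is not reproduced on this page, so the following is an added illustration and not SOC Prime's rule or Emre Ay's code: a minimal process_creation matcher in Python that flags command lines referencing the Default Domain Controllers Policy GPO, either by its well-known GUID path under SYSVOL ({6AC1786C-016F-11D2-945F-00C04fB984F9}, a constant every AD domain uses) or by its display name, and tags each hit with the T1615 mapping the article gives. Matching on CommandLine with case-insensitive contains logic is my assumption about how such a rule is written; the sample events, the corp.example domain and the field names are constructed.

```python
"""Toy process_creation detection for access to the Default Domain
Controllers Policy GPO.  Illustration only: this is not SOC Prime's Sigma
rule, whose exact selection logic is not reproduced on the page."""
import re

# Well-known GUID of the Default Domain Controllers Policy GPO.  Every AD
# domain stores it under \\<domain>\SYSVOL\<domain>\Policies\{GUID}\ .
# Matched case-insensitively because the hex case varies between tools.
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9"

# Command-line markers that reference the GPO: its GUID path, or its display
# name as used by gpresult / Get-GPO style tooling.
_PATTERNS = [
    re.compile(r"\{" + DEFAULT_DC_POLICY_GUID + r"\}", re.IGNORECASE),
    re.compile(r"default\s+domain\s+controllers\s+policy", re.IGNORECASE),
]


def matches_default_dc_policy_access(event: dict) -> bool:
    """Return True when the event's CommandLine references the Default Domain
    Controllers Policy GPO.  Mirrors a Sigma selection on CommandLine with
    'contains' modifiers (an assumption about the real rule's logic)."""
    cmdline = event.get("CommandLine", "") or ""
    return any(p.search(cmdline) for p in _PATTERNS)


def detect(events):
    """Run the selection over a list of events and return the matching ones,
    annotated with the ATT&CK mapping the article gives for this detection."""
    hits = []
    for ev in events:
        if matches_default_dc_policy_access(ev):
            hits.append({**ev, "tactic": "Discovery", "technique": "T1615"})
    return hits


# Constructed sample events in Sysmon Event ID 1 / Windows 4688 style.
# Event 3 touches the Default Domain Policy ({31B2F340-...}), a different GPO,
# and must NOT fire; event 4 is ordinary noise.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c type "\\corp.example\SYSVOL\corp.example\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -nop -c "Get-GPO -Name \'Default Domain Controllers Policy\' | Get-GPOReport -ReportType Xml"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c dir "\\corp.example\SYSVOL\corp.example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}"'},
    {"Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"[{hit['tactic']}/{hit['technique']}] {hit['Image']}: {hit['CommandLine']}")
```

Legitimate Group Policy administration (gpmc.msc, gpresult, Get-GPO from an admin workstation) produces the same command lines, so in production this selection needs a filter on source host or account before it is worth alerting on; the value of the rule is that a domain-joined workstation or a non-admin user reading the Domain Controllers GPO is rarely benign.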
