Lazarus Group's Undercover Operations in South Korea 2022-2023

Explore the Lazarus Group's undercover operations targeting South Korean companies from 2022 to 2023 in this 46-minute conference talk from the Hack In The Box Security Conference. Delve into the group's large-scale infection campaign using financial security solution vulnerabilities and watering hole techniques. Examine their infiltration methods, lateral movement strategies, and exfiltration tactics based on investigations of over 60 companies and 200 hosts. Learn about the group's exploitation of popular Korean financial security software, internal network propagation techniques, and abuse of compromised servers for information leakage. Gain detailed insights into the threat actors' TTPs and discover effective tracing and response strategies for this sophisticated cyber campaign.