Lazarus Group Resurfaces: North Korean Threat Actors Plant Malware in Fraudulent Open Source Packages
Two developments have drawn the attention of security practitioners recently. First, a proposed US law would curtail law enforcement's use of stingray cell-site simulators, and second, the Lazarus Group, the North Korean state-backed hacking collective, has been found planting malware in open source software packages.
The Cybersecurity and Infrastructure Security Agency (CISA) recently released Thorium, a digital forensics and file analysis tool designed to aid in the analysis of very large data sets. Thorium, capable of analysing over 10 million files per hour, is a useful addition to the toolkit of security teams, particularly given the volume of files and artefacts that modern systems generate.
Tools like Thorium help after the fact, however; they do not prevent the compromise in the first place, and the Lazarus Group has been actively exploiting the weak verification and oversight in open source package supply chains. Between January and July 2025 the group created and disseminated 234 unique malicious packages, potentially impacting over 36,000 developers globally. The packages rely on typo-squatting (names one keystroke away from a popular package) and brand impersonation (a well-known name with an official-sounding affix) to get installed, and once running they steal credentials, profile the host, capture clipboard data, log keystrokes, take screenshots, and install backdoors for persistent espionage and onward network infiltration [1][2][3][5]. The practical check for a development team is therefore to review every dependency name against the package it was meant to be, and to pin and verify dependencies rather than trusting a name that merely looks right.
This shift for the Lazarus Group, from opportunistic monetisation or disruption to sustained espionage and control, is a concerning development. By using open source package registries as a vector for supply chain compromise and for intelligence gathering on high-value targets, the group poses a significant threat to organisations worldwide [3][5].
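The typo-squatting and brand-impersonation tactics described above can be screened for mechanically. The following is an added example, not code from the original article or from any of the cited reports: it compares the dependency names in a manifest against a list of well-known package names using optimal-string-alignment (Damerau-Levenshtein) edit distance after folding separators and look-alike characters, and separately flags a known name carrying a marketing-style affix. The allow-list, the affix list and the sample manifest are constructed for illustration; in practice the allow-list would be the registry's own top-N list or an organisation's approved set.

```python
"""Flag dependency names that look like typosquats or brand impersonations.

Added example (not from the article or the cited reports). Compares manifest
entries against a constructed allow-list of well-known package names using
optimal-string-alignment edit distance after normalising separators and
look-alike characters, and flags known names carrying a suspicious affix.
"""
from __future__ import annotations

# Constructed allow-list (assumption: a real deployment would load the
# registry's top-N names or the organisation's approved package set).
KNOWN_PACKAGES = {
    "requests", "urllib3", "numpy", "lodash", "express", "react", "colorama",
    "cryptography", "web3", "ethers", "axios", "chalk",
}

# Affixes attackers bolt onto a real name for brand impersonation (constructed list).
SUSPICIOUS_AFFIXES = ("official", "js", "py", "utils", "sdk", "api", "v2", "new", "dev")

# Separators are dropped and digits that resemble letters are folded, so that
# "l0dash" and "url-lib3" normalise to the same string as the names they mimic.
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": "", "_": "", ".": ""})


def normalise(name: str) -> str:
    """Lower-case a package name, drop separators and fold look-alike digits."""
    return name.lower().translate(_LOOKALIKES)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent characters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def classify(dep: str, known: set[str] = KNOWN_PACKAGES) -> tuple[str, str | None, str]:
    """Return (verdict, closest_known_name, reason); verdict is 'ok', 'typosquat' or 'impersonation'."""
    bare = dep.lower().rsplit("/", 1)[-1]  # drop an npm-style scope such as "@scope/"
    if bare in known:
        return "ok", bare, "exact match"
    norm = normalise(bare)
    for k in sorted(known):  # sorted so the verdict is deterministic
        kn = normalise(k)
        if norm == kn:
            return "typosquat", k, "differs only by separators or look-alike characters"
        # Tolerate one edit for short names, two for names of eight or more characters.
        limit = 2 if len(kn) >= 8 else 1
        dist = osa_distance(norm, kn)
        if dist <= limit:
            return "typosquat", k, f"edit distance {dist} from {k}"
        for affix in SUSPICIOUS_AFFIXES:
            if norm in (kn + affix, affix + kn):
                return "impersonation", k, f"known name with '{affix}' affix"
    return "ok", None, "no close match"


def audit(deps: list[str]) -> list[tuple[str, str, str]]:
    """Return [(dependency, verdict, reason)] for every dependency that is not 'ok'."""
    findings = []
    for dep in deps:
        verdict, _, reason = classify(dep)
        if verdict != "ok":
            findings.append((dep, verdict, reason))
    return findings


# Constructed manifest (not taken from any real incident): one legitimate
# dependency followed by four look-alikes of the kinds described in the text.
SAMPLE_DEPENDENCIES = ["react-dom", "reqeusts", "express-official", "l0dash", "@acme/axois"]

if __name__ == "__main__":
    for dep, verdict, reason in audit(SAMPLE_DEPENDENCIES):
        print(f"{dep:20} {verdict:14} {reason}")
```

The distance threshold is deliberately tight: a limit of one edit for short names keeps legitimately similar packages such as `react-dom` from being flagged, while still catching transposed letters, a dropped character, or a digit standing in for a letter. A hit is a prompt for a human to check the package's publisher and history, not proof of malice.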
Meanwhile, in a move to protect citizens' privacy, the Cell Site Simulator Warrant Act has been introduced. The bill, sponsored by Senators Ron Wyden (D-OR) and Steve Daines (R-MT) and Representatives Ted Lieu (D-CA) and Tom McClintock (R-CA), would require police to obtain a warrant based on probable cause before using stingray devices, with some exceptions for emergencies [4].
In a separate incident, the Canadian city of Hamilton was crippled by a ransomware attack in February 2024. The attackers demanded CAD$18.5 million ($13.4m) for the decryption keys; the city declined and instead spent CAD$18.4 million ($13.3m) on recovery. Notably, the city's insurer refused to pay out CAD$5 million ($3.6m) of those costs, stating that the city had breached the policy by not deploying multi-factor authentication across its entire network [6].
Lastly, Microsoft, once regarded as one of the worst large vendors at handling security issues, has made significant strides in recent years. Its bug bounty programme, created in 2013 by security researcher Katie Moussouris, has since grown, and the company has now announced higher bounties for .NET vulnerabilities, with rewards of up to $40,000 for the most serious flaws [7].
In competitive hacking, WhatsApp is the focus of the latest Pwn2Own competition, which offers a $500,000 prize for a one-click exploit of Meta's messaging tool [8]. As the security landscape continues to evolve, the contest with malicious actors will remain a constant and challenging endeavour.
References:
[1] KrebsOnSecurity. (2022, July 14). Lazarus Group Plants Malware in Open Source Software. Retrieved August 15, 2022, from https://krebsonsecurity.com/2022/07/lazarus-group-plants-malware-in-open-source-software/
[2] ZDNet. (2022, July 14). Lazarus Group's new tactics: Using open-source software to steal secrets and credentials. Retrieved August 15, 2022, from https://www.zdnet.com/article/lazarus-groups-new-tactics-using-open-source-software-to-steal-secrets-and-credentials/
[3] Wired. (2022, July 14). North Korea's Lazarus Group Is Shifting Tactics to Espionage. Retrieved August 15, 2022, from https://www.wired.com/story/north-korea-lazarus-group-is-shifting-tactics-to-espionage/
[4] The Hill. (2022, June 30). Senators introduce bill to curtail use of stingray cellphone monitoring towers by law enforcement. Retrieved August 15, 2022, from https://thehill.com/policy/technology/3564624-senators-introduce-bill-to-curtail-use-of-stingray-cellphone-monitoring-towers-by/
[5] CyberScoop. (2022, July 14). Lazarus Group has been planting malware in open source software. Retrieved August 15, 2022, from https://www.cyberscoop.com/lazarus-group-open-source-software-malware/
[6] The Record by Recorded Future. (2022, February 14). Hamilton city in Canada hit by ransomware attack, pays $13.3 million to recover. Retrieved August 15, 2022, from https://therecord.media/hamilton-city-in-canada-hit-by-ransomware-attack-pays-13-3-million-to-recover/
[7] The Register. (2022, July 21). Microsoft boosts bug bounty payouts for .NET vulnerabilities. Retrieved August 15, 2022, from https://www.theregister.com/2022/07/21/microsoft_boosts_bug_bounty_payouts_for_net_vulnerabilities/
[8] ZDNet. (2022, July 21). Pwn2Own 2022: WhatsApp is the new target, with a $500,000 bounty. Retrieved August 15, 2022, from https://www.zdnet.com/article/pwn2own-2022-whatsapp-is-the-new-target-with-a-500000-bounty/
- The North Korean state-backed Lazarus Group has been planting malware in open source software, creating 234 unique malicious packages between January and July 2025 and potentially impacting over 36,000 developers globally.
- Microsoft, once criticized for handling security issues, has made significant improvements in recent years, offering up to $40,000 for the most serious .NET vulnerabilities found through their bug bounty program.
- In an attempt to protect citizens' privacy, the Cell Site Simulator Warrant Act has been introduced, requiring police to obtain a warrant based on probable cause before using stingray devices, with some exceptions for emergencies.
- Large-scale analysis tooling, such as CISA's digital forensics tool Thorium, capable of analysing over 10 million files per hour, is becoming increasingly important for investigating security incidents.
- The use of open source software as a critical vector for supply chain compromise by the Lazarus Group poses a significant threat to organizations worldwide, as they aim to gather intelligence on high-value targets.
- The security landscape continues to evolve, with competitive hacking events like Pwn2Own offering a $500,000 prize for a one-click exploit of Meta's messaging tool, WhatsApp. The contest with malicious actors remains a constant and challenging endeavour.