This repository has been archived by the owner on Sep 16, 2024. It is now read-only.

APT38 Tactic PoC for Stealing 0days from security professionals


ZeroMemoryEx/APT38-0day-Stealer


Lazarus-Tactic

  • A program that automates the APT38 technique that has been used to target cybersecurity researchers and experts.

  • Lazarus, a state-sponsored group affiliated with North Korea, has a well-documented track record of targeting cybersecurity researchers. Among their notable techniques, one stands out for its effectiveness in tricking numerous cybersecurity experts.

  • The attackers create multiple Twitter and other social media accounts to establish credibility. Through social engineering, they manipulate security researchers into collaborating on research using a Microsoft Visual Studio project. The project contains malicious code in its vcxproj file, so when the researcher attempts to build the project, the embedded code is executed.

Technical Details

  • When executed inside the Visual Studio projects directory, the program infects every vcxproj file it finds by injecting custom code. This code is designed to run when the user attempts to build the project.
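The defensive counterpart to the behaviour described above is to audit project files before building anything received from an untrusted collaborator. The following scanner is an added example and is not part of this repository; it parses a vcxproj (MSBuild XML) and reports every place where MSBuild hands text to a shell at build time: the PreBuildEvent / PreLinkEvent / PostBuildEvent and custom-build `Command` elements, and `Exec` tasks inside `Target` blocks. The assumption that these build hooks are the injection point is mine, based on how MSBuild works, not a statement about what this specific tool injects. The sample project and the keyword heuristic are constructed for the example.

```python
import re
import sys
from pathlib import Path
import xml.etree.ElementTree as ET

# MSBuild elements whose <Command> child is passed to cmd.exe during a build.
COMMAND_ELEMENTS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent",
                    "CustomBuildStep", "CustomBuild"}

# Heuristic token list (constructed for this example): things that rarely belong
# in a legitimate C++ build step. Anything else is still reported for review.
SUSPICIOUS = re.compile(
    r"powershell|pwsh|\bcmd(?:\.exe)?\s+/c|rundll32|regsvr32|mshta|certutil|"
    r"bitsadmin|wscript|cscript|-enc\b|-EncodedCommand|FromBase64String|"
    r"DownloadString|Invoke-Expression|\biex\b",
    re.IGNORECASE,
)


def local(tag):
    """Strip the MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def record(where, command):
    command = (command or "").strip()
    severity = "high" if SUSPICIOUS.search(command) else "review"
    return {"where": where, "command": command, "severity": severity}


def scan_vcxproj(xml_text):
    """Return every build-time command found in one project file, in document order."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        name = local(elem.tag)
        if name in COMMAND_ELEMENTS:
            # <PreBuildEvent><Command>...</Command></PreBuildEvent>
            for child in elem.iter():
                if local(child.tag) == "Command" and (child.text or "").strip():
                    findings.append(record(name, child.text))
        elif name == "Exec":
            # <Target ...><Exec Command="..."/></Target>
            findings.append(record("Exec", elem.get("Command", "")))
    return findings


def scan_tree(directory):
    """Scan every vcxproj plus the .props/.targets files a vcxproj may import."""
    results = {}
    for pattern in ("*.vcxproj", "*.props", "*.targets"):
        for path in Path(directory).rglob(pattern):
            try:
                found = scan_vcxproj(path.read_text(encoding="utf-8-sig"))
            except ET.ParseError as exc:
                found = [record("ParseError", str(exc))]
            if found:
                results[str(path)] = found
    return results


# Constructed sample: a benign post-build copy next to two build hooks that
# launch a shell before compilation even starts.
SAMPLE_VCXPROJ = r"""<Project DefaultTargets="Build"
         xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="main.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>powershell.exe -NoProfile -WindowStyle Hidden -File helper.ps1</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(SolutionDir)bin\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Staged" BeforeTargets="PrepareForBuild">
    <Exec Command="cmd /c stage.bat" />
  </Target>
</Project>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, findings in scan_tree(sys.argv[1]).items():
            for f in findings:
                print(f"{f['severity']:6} {path}: {f['where']}: {f['command']}")
    else:
        for f in scan_vcxproj(SAMPLE_VCXPROJ):
            print(f"{f['severity']:6} {f['where']}: {f['command']}")
```

Run it with a directory argument to walk a checked-out solution, or with no argument to see the constructed sample reported as two high-severity hooks (the PreBuildEvent and the Exec task, both of which run before any source is compiled) and one PostBuildEvent flagged for review. Parsing the XML rather than grepping matters because the same hook can appear under several `Condition` attributes and in imported `.props` / `.targets` files, which the scanner also walks; a clean report still only says that this file declares no build-time commands, so the usual practice of building untrusted projects in a disposable VM stands.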

DEMO

DEMO_.mp4