Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Hidden control panel Through deep analysis, researchers identified a hidden administrative layer within the C2 servers, offering the attackers centralized control over compromised systems. This web-based administrative platform, built with React and Node.js, enabled Lazarus to: Precisely organize and manage exfiltrated … More

The post How Lazarus Group built a cyber espionage empire appeared first on Help Net Security.