Together with Novetta and other industry partners, Kaspersky Lab is proud to announce its contribution to Operation Blockbuster. The goal of the operation is to disrupt the activity of the Lazarus Group, a highly malicious entity responsible for data destruction as well as conventional cyber-espionage operations against multiple companies around the world.
The attackers are believed to be behind the attack on Sony Pictures Entertainment in 2014 and Operation DarkSeoul, which targeted media and financial institutions in 2013.
After a devastating attack against the famous movie production company Sony Pictures Entertainment (SPE) in 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) began its investigation into samples of the Destover malware publicly named as used in the attack.
This led to wider research into a cluster of related cyber-espionage and cyber-sabotage campaigns targeting financial institutions, media stations, and manufacturing companies, among others.
Based on the common characteristics of the different malware families, the company’s experts were able to group together tens of isolated attacks and determine that they all belong to one threat actor, as other participants in Operation Blockbuster confirmed in their own analysis.
The Lazarus Group threat actor was active several years before the SPE incident, and it appears that it is still active.
Research by Kaspersky Lab and other Operation Blockbuster participants confirms a connection between malware used in various campaigns, such as Operation DarkSeoul against Seoul-based banks and broadcasters, Operation Troy targeting military forces in South Korea, and the Sony Pictures incident.
During the investigation, Kaspersky Lab researchers exchanged preliminary findings with AlienVault Labs. Eventually researchers from the two companies decided to unite efforts and conduct a joint investigation.
Simultaneously, the activity of the Lazarus Group was being investigated by many other companies and security specialists. One of these companies, Novetta, started an initiative aimed at publishing the most extensive and actionable intelligence on the activity of the Lazarus Group.
As part of Operation Blockbuster, together with Novetta, AlienVault Labs, and other industry partners, Kaspersky Lab is publishing its findings for the benefit of the wider public.