Security researchers on Feb. 2 reported that they have detected a cyberattack campaign by the North Korean Lazarus Group, targeting medical research and energy organizations for espionage purposes.
The attribution was made by threat intelligence analysts at WithSecure, which discovered the campaign while running down an incident against a customer that it suspected was a ransomware attack. Further investigation, along with a key operational security (OpSec) slip-up by the Lazarus crew, helped them uncover evidence that the incident was actually part of a wider state-sponsored intelligence-gathering campaign being directed by North Korea.