Lazarus Group targets Aerospace and Defense with new Comebacker variant

Nov. 10, 2025, 11:50 a.m.

Description

This analysis details a recent espionage campaign by the DPRK-nexus threat actor Lazarus Group against the aerospace and defense sectors. The campaign uses a new variant of the Comebacker backdoor, a sign of the actor's continued refinement of its malware arsenal. The lure documents are tailored to the targets, which points to spear-phishing rather than opportunistic distribution. The infection chain is multi-stage and uses custom decryption routines for its payloads and encrypted C2 communications. The command-and-control infrastructure was still active at the time of publication, so the campaign should be treated as ongoing and the indicators below as live: block or alert on the domains and URLs at the egress proxy and DNS layer, and hunt for the file hashes in endpoint telemetry. Organizations in the targeted sectors should stay alert to phishing attempts and harden their defenses against macro-based document threats.

Date

  • Created: Nov. 10, 2025, 11:12 a.m.
  • Published: Nov. 10, 2025, 11:12 a.m.
  • Modified: Nov. 10, 2025, 11:50 a.m.

Indicators

  • f2b3867aa06fb38d1505b3c2b9e523d83f906995dcdd1bb384a1087b385bfc50
  • c4a5179a42d9ff2774f7f1f937086c88c4bc7c098963b82cc28a2d41c4449f9e
  • b7d625679fbcc86510119920ffdd6d21005427bf49c015697c69ae1ee27e6bab
  • b357b3882cf8107b1cb59015c4be3e0b8b4de80fd7b80ce3cd05081cd3f6a8ff
  • ad9c5aca9977d04c73be579199a827049b6dd9840091ffe8e23acc05e1d4a657
  • a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855
  • 96b973e577458e5b912715171070c0a0171a3e02154eff487a2dcea4da9fb149
  • 7e61c884ce5207839e0df7a22f08f0ab7d483bfa1828090aa260a2f14a0c942c
  • 14213c013d79ea4bc8309f730e26d52ff23c10654197b8d2d10c82bbbcd88382
  • 046caa2db6cd14509741890e971ddc8c64ef4cc0e369bd5ba039c40c907d1a1f
  • https://hiremployee.com
  • https://birancearea.com/adminv2
  • office-theme.com
  • birancearea.com
  • hiremployee.com
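
To operationalize the indicators above, the following is an added Python example (not part of the original report) that classifies each entry as a SHA-256 hash, URL or domain, reduces the URLs to their hosts, and matches the result against a handful of constructed proxy, DNS and EDR events. The JSON-lines log format and the log lines themselves are invented for illustration; only the indicator values come from the page.

```python
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse

# Indicators exactly as listed on this page.
RAW_INDICATORS = """
f2b3867aa06fb38d1505b3c2b9e523d83f906995dcdd1bb384a1087b385bfc50
c4a5179a42d9ff2774f7f1f937086c88c4bc7c098963b82cc28a2d41c4449f9e
b7d625679fbcc86510119920ffdd6d21005427bf49c015697c69ae1ee27e6bab
b357b3882cf8107b1cb59015c4be3e0b8b4de80fd7b80ce3cd05081cd3f6a8ff
ad9c5aca9977d04c73be579199a827049b6dd9840091ffe8e23acc05e1d4a657
a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855
96b973e577458e5b912715171070c0a0171a3e02154eff487a2dcea4da9fb149
7e61c884ce5207839e0df7a22f08f0ab7d483bfa1828090aa260a2f14a0c942c
14213c013d79ea4bc8309f730e26d52ff23c10654197b8d2d10c82bbbcd88382
046caa2db6cd14509741890e971ddc8c64ef4cc0e369bd5ba039c40c907d1a1f
https://hiremployee.com
https://birancearea.com/adminv2
office-theme.com
birancearea.com
hiremployee.com
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Conservative hostname check: dot-separated labels of letters, digits and hyphens.
DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


@dataclass
class IocSet:
    sha256: Set[str] = field(default_factory=set)
    urls: Set[str] = field(default_factory=set)
    domains: Set[str] = field(default_factory=set)


def classify(raw: str) -> IocSet:
    """Sort raw indicator lines into hashes, URLs and domains; URL hosts also become domains."""
    iocs = IocSet()
    for line in raw.splitlines():
        item = line.strip()
        if not item:
            continue
        low = item.lower()
        if SHA256_RE.match(low):
            iocs.sha256.add(low)
        elif low.startswith(("http://", "https://")):
            iocs.urls.add(item)
            host = urlparse(low).hostname
            if host:
                iocs.domains.add(host)
        elif DOMAIN_RE.match(low):
            iocs.domains.add(low)
        else:
            raise ValueError(f"unrecognised indicator: {item!r}")
    return iocs


def host_matches(host: str, domains: Set[str]) -> Optional[str]:
    """Return the indicator domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


# Constructed events in an invented JSON-lines format (not real telemetry).
SAMPLE_LOGS = [
    '{"type":"proxy","src":"10.1.2.3","host":"birancearea.com","url":"https://birancearea.com/adminv2"}',
    '{"type":"proxy","src":"10.1.2.4","host":"www.example.org","url":"https://www.example.org/"}',
    '{"type":"edr","host":"ws-0419","sha256":"F2B3867AA06FB38D1505B3C2B9E523D83F906995DCDD1BB384A1087B385BFC50"}',
    '{"type":"edr","host":"ws-0420","sha256":"' + "0" * 64 + '"}',
    '{"type":"dns","src":"10.1.2.5","query":"mail.office-theme.com"}',
]

# Which field carries a hostname for each event type (EDR "host" is a workstation name, not a domain).
HOST_FIELD = {"proxy": "host", "dns": "query"}


def match_logs(lines: List[str], iocs: IocSet) -> List[Tuple[int, str, str]]:
    """Return (line_index, indicator_type, indicator) for every event that touches a known IOC."""
    hits = []
    for n, line in enumerate(lines):
        ev = json.loads(line)
        h = ev.get("sha256", "").lower()
        if h in iocs.sha256:
            hits.append((n, "sha256", h))
        field_name = HOST_FIELD.get(ev.get("type"))
        if field_name:
            d = host_matches(ev.get(field_name, ""), iocs.domains)
            if d:
                hits.append((n, "domain", d))
    return hits


if __name__ == "__main__":
    found = classify(RAW_INDICATORS)
    for hit in match_logs(SAMPLE_LOGS, found):
        print(hit)
```

Hashes are compared case-insensitively because EDR products differ in how they render them, and hostnames are matched on the registered domain and any subdomain of it, since C2 operators routinely rotate subdomains under a domain they control. Hits on the domains should be treated as high-confidence given that the infrastructure was still live when this entry was published.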

Attack Patterns

Additional Information

  • Aerospace
  • Defense