APT38-0day-Stealer

APT38 Tactic PoC for Stealing 0days from security professionals

Primary language: C++

Lazarus-Tactic

  • A program that automates the APT38 technique that has been used to target cybersecurity researchers and experts.

  • Lazarus, a state-sponsored group affiliated with North Korea, has a well-documented track record of targeting cybersecurity researchers. Among its notable techniques, one stands out for its effectiveness in deceiving numerous cybersecurity experts.

  • The attackers create multiple Twitter and other social media accounts to establish credibility. Through social engineering, they persuade security researchers to collaborate on research using a Microsoft Visual Studio project; the project carries malicious code in its vcxproj file. Consequently, when the researcher attempts to build the project, the malicious code embedded in it is executed.

Technical Details

  • When run inside a Visual Studio projects directory, the program infects every vcxproj file it finds by injecting custom code. That code is designed to execute when the victim attempts to build the project.

    [Screenshot 2023-02-25 180210]
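As an added defensive example (not part of this repository's code), the following Python script audits every vcxproj under a directory and reports the commands the build would run, flagging ones that match common abuse patterns. It assumes the injected code lives in MSBuild build-event elements (PreBuildEvent, PostBuildEvent, CustomBuild, or an Exec task), which are the hooks MSBuild executes during a build; the two sample project files and their commands are constructed placeholders.

```python
"""Audit .vcxproj files for build-event hooks that run a command when the project is built."""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# MSBuild elements whose <Command> child is handed to the shell during a build.
BUILD_EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep", "CustomBuild"}
# Tokens that rarely belong in a legitimate build step of a shared research project.
SUSPICIOUS = re.compile(
    r"powershell|pwsh|cmd(\.exe)?\s+/c|rundll32|regsvr32|mshta|certutil|[wc]script|"
    r"bitsadmin|-enc(odedcommand)?\b|https?://|%temp%", re.IGNORECASE)

def _local(tag):
    """Strip the MSBuild XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def scan_vcxproj_text(xml_text, name="<memory>"):
    """Return (location, command, suspicious) for every build-time command in one project file."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = _local(elem.tag)
        if tag in BUILD_EVENT_TAGS:
            for child in elem:
                if _local(child.tag) == "Command" and (child.text or "").strip():
                    findings.append((f"{name}:{tag}", child.text.strip()))
        elif tag == "Exec" and elem.get("Command"):  # inline MSBuild Exec task inside a Target
            findings.append((f"{name}:Exec", elem.get("Command").strip()))
    return [(loc, cmd, bool(SUSPICIOUS.search(cmd))) for loc, cmd in findings]

def scan_tree(root_dir):
    """Scan every .vcxproj under root_dir; return only the commands that tripped a heuristic."""
    hits = []
    for path in Path(root_dir).rglob("*.vcxproj"):  # utf-8-sig drops the BOM Visual Studio writes
        hits += [f for f in scan_vcxproj_text(path.read_text(encoding="utf-8-sig"), str(path)) if f[2]]
    return hits

# Constructed samples: a benign post-build copy step and an injected pre-build hook.
# The injected command is a placeholder string, not a real payload.
CLEAN_VCXPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup><PostBuildEvent>
    <Command>copy "$(TargetPath)" "$(SolutionDir)bin\\"</Command>
  </PostBuildEvent></ItemDefinitionGroup></Project>"""
INJECTED_VCXPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup><PreBuildEvent>
    <Command>powershell -nop -w hidden -enc CONSTRUCTED_PLACEHOLDER</Command>
  </PreBuildEvent></ItemDefinitionGroup></Project>"""

if __name__ == "__main__":
    for loc, cmd, _ in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"[!] {loc}: {cmd}")
```

Run it against a cloned project directory before opening the solution; a build hook that appears in the report deserves a manual read of the vcxproj even when the heuristic list is incomplete.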

Demo

Demo video: DEMO_.mp4