The North Korean APT Lazarus Group used a custom backdoor dubbed ThreatNeedle to move laterally through infected defense firm networks and gather sensitive information in over a dozen countries. The actor gained initial entry to victim networks through spear-phishing emails with malicious attachments or links.
- Defense firms in more than a dozen countries
Suspected state sponsor
- Korea (Democratic People's Republic of)
Type of incident
- Private sector