Targeting of the defense industry
Date of report
  • February 2021
The North Korean APT Lazarus Group used a custom backdoor dubbed ThreatNeedle to move laterally through infected defense firm networks and gather sensitive information in over a dozen countries. The actor achieved initial entry to victim networks through spear-phishing emails with malicious attachments or links.
Suspected victims
  • Defense firms in more than a dozen countries
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector