VentureBeat presents: AI Unleashed - An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More

Today, the Symantec Threat Hunter Team released a blog post reporting that it had observed an advanced persistent threat group (APT) known as Lazarus, orchestrating an espionage campaign to target organizations within the chemical sector. 

The group behind the attack, Lazarus, appears to be continuing a malicious campaign referred to as Operation Dream Job, a malicious campaign first discovered in August 2020, where attackers email attractive fake job offers to employees to trick them into opening malware attachments or clicking on links through to malware-hosting websites.

While this attack mainly targeted organizations in the chemical sector it also targeted a number of companies in the IT sector as well as individuals across the defense, government, and engineering sectors. 

Why enterprises need a strategy to mitigate espionage-style attacks   

Many organizations have long feared the advancement of state-sponsored attacks, with 80% of organizations reporting being concerned about their organization falling victim to a nation-state cyberattack. 


AI Unleashed

An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.


Learn More

Now with Lazarus using these espionage tactics to steal intellectual property, more attackers are going to start to imitate these techniques to gain access to protected information and regulated data across all sectors.  

 “The first thing to say is that espionage operations of this kind can and do target private organizations. We’ve seen Operation Dream Job hit a wide range of sectors at this stage, To protect themselves, organizations should adopt a defense in-depth strategy, using multiple detection, protection, and hardening technologies to mitigate risk at each point of the potential attack chain,” said Dick O’Brien, principal intelligence analyst for the Symantec Threat Hunter Team. 

Tools of the trade: spear phishing 

This latest attack has highlighted that spear phishing is one of the most powerful tools that threat actors have at their disposal, as an attacker only needs to trick an employee into clicking on a single malicious link or attachment to gain a foothold in the environment. 

A single click on a link or attachment can infect their computer with malware and provide an access point to the network where the attacker can start working to establish lateral movement throughout the network to locate critical data assets that they can steal. 

“It had all the hallmarks of a classic cyber espionage operation, from the attractive initial lure of a fake job offer, to their ability to obtain credentials, move laterally across the target’s network and ensure that they maintain a persistent presence on the network in order to get the data they’re looking for. It’s obvious that they’re veteran operators, with the knowledge of how to fly under the radar by maximizing their use of operating system features, legitimate tools, or Trojanized versions of legitimate tools,” O’Brien said. 

How to stop espionage attempts  

Defending against an attack orchestrated by an APT is no easy feat. It only takes one employee to click on a link to cause a full-blown data breach. As a result, organizations need to optimize their security defenses if they want to prepare to mitigate espionage threats. 

Measures that O’Brien recommends include implementing solutions for monitoring and detecting threats throughout your IT environment, ensuring the latest version of PowerShell is deployed with logging enabled, and auditing and controlling administrative amount usage.  

O’Brien also highlights the importance of organizations raising awareness employee awareness of spear phishing, so they’re equipped to spot manipulation attempts whenever they encounter them. 

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.