VERY IMPORTANT

At the end of September 2020, Positive Technologies Expert Security Center (PT Expert Security Center, PT ESC) was involved in the investigation of an incident in one of the largest pharmaceutical companies. After starting to analyze the tactics, techniques, and procedures (TTPs) of the attackers, the investigation team found similarities with the Lazarus Group attacks previously described in detail by cybersecurity experts in the reports Operation: Dream Job and "Operation (노스 스타) North Star A Job Offer That's Too Good to be True?". This article describes a previously unknown attack by the APT group, reveals the Lazarus Group's TTPs that allowed attackers to obtain partial control over a pharmaceutical company's infrastructure in just four days, as well as the tools used by the attackers for preliminary compromise, network reconnaissance, and gaining persistence in the infrastructure of the targeted company.