Lazarus APT, the North Korean state-sponsored cyber attackers group, is known to buying access into other threat group’s pre-hacked servers. Lately, connections have been uncovered between the North Korean group and threat actors’ native to Russia. TA505, TrickBot, and Dridex are cyber threat groups connected to Russian-speaking nefarious attackers that sell breached systems’ access on the Dark web to other attackers.
Read More: Cybersecurity and Risks with Remote Working – Cyber Threats Are For Real
The North Korean group has been known to use TrickBot’s codes in some of its attacks. The nefarious code is run as Malware-as-a-Service (MaaS) that can then be accessed by the highest-tier malicious actors. CISA has issued alerts regarding hackers based in North Korea that may be working or contracting criminal groups like TA505 for initial access.
Source: Cyware