Anatomy of a Lazarus Group Attack

Vectra AI vs. Spear Phishing

What happens when a state-sponsored cybercrime group targets an employee on social media, navigates through zero trust, installs C2 and swipes admin credentials from inside your environment? We simulated a Lazarus Group attack to find out.

How Vectra AI exposed an active spear phishing attack

In this simulated Lazarus Group attack, defenders were put on the spot after threat actors compromised a corporate laptop and set up persistent access. With AI-driven Attack Signal Intelligence to automatically correlate detections across each attack surface, defenders knew exactly where to focus efforts.

The attacker:

  • Targets an employee on LinkedIn
  • Gains data center access
  • Installs command and control (C2) infrastructure
  • Begins looking for proprietary research data

Defenders know:

  • Where hidden tunnels are set up
  • Which identities are impacted
  • What response actions to take

Response time

  • First Vectra alert: 5:02 A.M.
  • Attack stopped: 5:22 A.M.

Find the targeted attacks other solutions miss

The secret to stopping spear phishing attacks? Attack Signal Intelligence™. Vectra AI’s patented AI-driven signal empowers defenders leveraging the Vectra AI Platform to move at the speed and scale of modern attackers — including Lazarus Group attacks targeting proprietary information.

  • References in MITRE D3FEND
  • MITRE ATT&CK coverage
  • AI threat detection patents

Stop a hybrid attack

Take a self-guided tour to see how the Vectra AI Platform empowers you to stop hybrid attacks before any damage is done.


With Vectra AI, Lazarus Group attackers don't stand a chance

Secure web gateways, firewalls, IPS and other tools may not stop threat actors from gaining access. But with a platform powered by Attack Signal Intelligence, you can keep them from progressing. Attack Signal Intelligence detects and prioritizes attacker behavior at each stage of the intrusion.

Prioritizing tactics for Lazarus Group

  • This simulated attack was initiated through a spear phishing scam on LinkedIn.
  • Threat actors hid inside encrypted traffic and were able to pivot past zero trust network access (ZTNA) to make their way into the network data center.
  • Command and control enabled reconnaissance, and once credentials were obtained, attackers progressed further towards their target.
  • Defenders took immediate action with an attack signal that prioritizes attacker TTPs across the environment.

Keep spear phishing attacks from becoming data breaches

Download the full attack anatomy report to learn how you can move at the speed and scale of modern attackers.
