Operation Blockbuster: dismantling Lazarus Group tools

A joint investigation by several cybersecurity companies, including Novetta, Kaspersky Lab and AlienVault, named Operation Blockbuster, reveals that a number of separate attacks are linked to the organization known as Lazarus Group or Guardians of Peace.

The study showed that the Destover malware (used in the Sony attack) was present in some form in other attacks, along with reused code fragments that revealed the group's modus operandi. Other indicators, such as repeated passwords, the techniques used to evade antivirus detection and the way the group erased its traces, also recurred across its operations.

In this way Operation Blockbuster was able to attribute to Lazarus Group attacks against multiple financial entities, media outlets and critical infrastructure in numerous countries between 2009 and 2015.
