Tuesday, 02 January 2024 12:17 GMT

Lazarus Group Escalates Attacks In 2025: ANY.RUN Reveals Detection Strategies For SOC Teams


(MENAFN- EIN Presswire)

DUBAI, DUBAI, UNITED ARAB EMIRATES, September 10, 2025 /EINPresswire/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence, has released an in-depth report on the Lazarus Group's intensified cyber campaigns in 2025. The research details the group's tactics against the tech and crypto sectors and gives SOC teams actionable insights and detection tips to strengthen defenses against this North Korean APT.

Lazarus Group in 2025: Key Campaigns

The Lazarus Group has ramped up operations built on social engineering and software supply chain compromise, breaching hundreds of firms and causing millions in losses. Tactics include:

· North Korean IT Workers: Operatives pose as remote hires, using stolen identities to get inside U.S. and UK companies, where they steal data and deploy malware. One blockchain firm lost $900,000 in cryptocurrency to such insiders, according to U.S. Department of Justice reports.

· Operation 99 (Contagious Interview): Fake job interviews on LinkedIn lure developers into running malicious GitLab coding tests and NPM packages. Victims suffer credential theft and system infections, and each compromised developer machine creates supply chain ripple effects.

· Hijacked Open-Source Packages: More than 230 malicious GitHub and PyPI uploads since January have targeted developers, giving the attackers backdoor access. The $1.5B Bybit hack stemmed from a tainted Docker project at Safe{Wallet}, which let the attackers funnel the funds to Lazarus.

These attacks erode financial stability, intellectual property, and trust, and recovery costs keep climbing.

Detection Tips for SOC Teams

Lazarus deploys evasive tools such as InvisibleFerret (keylogging delivered through fake interviews), OtterCookie (token theft through malicious packages), and PyLangGhost RAT (espionage delivered through ClickFix scripts).
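A concrete pre-install check a SOC or developer can run on a "take-home test" project before touching `npm install`, written as an added example for this article rather than code from ANY.RUN or its report. It assumes the delivery shape the campaign descriptions above point at: a small repository whose package.json lifecycle hook or helper script launches an obfuscated loader. The heuristics (lifecycle hooks, eval/Function, child_process, base64 decoding, large encoded literals, hard-coded URLs) are general first-stage indicators, not signatures for any named family, and the sample project it builds is constructed for the demonstration, with a harmless placeholder string standing in for an encoded payload.

```python
"""Triage a downloaded 'coding test' project before running `npm install`."""
import json
import re
import tempfile
from pathlib import Path

# npm runs these hooks automatically during `npm install`, before the
# developer has opened a single source file.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Loader constructs worth a second look in what should be a small assignment.
# Heuristics chosen for this example; tune them for your own environment.
SUSPICIOUS_JS = (
    (re.compile(r"\beval\s*\("), "eval() call"),
    (re.compile(r"\bnew\s+Function\s*\("), "Function constructor"),
    (re.compile(r"child_process"), "child_process usage"),
    (re.compile(r"Buffer\.from\s*\([^)]*['\"]base64['\"]"), "base64 decode"),
    (re.compile(r"https?://"), "hard-coded URL"),
)
# A quoted literal of 120+ base64 characters: typical of an embedded stage.
BASE64_BLOB = re.compile(r"['\"][A-Za-z0-9+/=]{120,}['\"]")


def audit_package_json(text: str) -> list[tuple[str, str]]:
    """Return (hook, command) for every lifecycle script npm would auto-run."""
    try:
        manifest = json.loads(text)
    except json.JSONDecodeError:
        return [("invalid-json", "package.json does not parse")]
    scripts = manifest.get("scripts") or {}
    return [(hook, scripts[hook]) for hook in LIFECYCLE_HOOKS if hook in scripts]


def scan_js_source(text: str) -> list[str]:
    """Return labels for suspicious constructs found in one JavaScript file."""
    hits = [label for pattern, label in SUSPICIOUS_JS if pattern.search(text)]
    if BASE64_BLOB.search(text):
        hits.append("large base64 literal")
    return hits


def audit_project(root: Path) -> dict[str, list]:
    """Walk a project tree (skipping node_modules); map relative path -> findings."""
    findings: dict[str, list] = {}
    for path in sorted(root.rglob("*")):
        if "node_modules" in path.parts or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if path.name == "package.json":
            hits = audit_package_json(text)
        elif path.suffix in (".js", ".cjs", ".mjs"):
            hits = scan_js_source(text)
        else:
            continue
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def build_sample_project() -> Path:
    """Write a constructed lure-shaped project to a temp dir (no real malware)."""
    root = Path(tempfile.mkdtemp(prefix="interview-test-"))
    (root / "package.json").write_text(json.dumps({
        "name": "frontend-assignment",
        "version": "1.0.0",
        "scripts": {"test": "jest", "postinstall": "node scripts/setup.js"},
    }))
    (root / "scripts").mkdir()
    placeholder = "A" * 160  # stands in for an encoded second stage
    (root / "scripts" / "setup.js").write_text(
        'const cp = require("child_process");\n'
        f'eval(Buffer.from("{placeholder}", "base64").toString());\n'
    )
    (root / "src").mkdir()
    (root / "src" / "app.js").write_text("module.exports = () => 'hello';\n")
    return root


if __name__ == "__main__":
    project = build_sample_project()
    for rel, hits in audit_project(project).items():
        print(f"{rel}: {hits}")
```

Run it against a real candidate project with `audit_project(Path("path/to/repo"))`; any lifecycle hook at all deserves a read of the command before installing, and a hook that hands off to a script that decodes and evaluates a blob is a stop-and-detonate-in-a-sandbox signal, not a curiosity.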

ANY.RUN's Interactive Sandbox helps over 15,000 SOCs achieve:

· Faster detection of threats and reduced Mean Time to Detect (MTTD)

· Full visibility into what files and links actually do without any guesswork

· Immediate access to IOCs for SIEM enrichment and faster response

· Less manual effort for analysts, thanks to automated interactivity

· Lower risk of breaches, data loss, and business disruption

Read the full report on active Lazarus Group attacks on the ANY.RUN blog.

About ANY.RUN

ANY.RUN is an interactive malware analysis and threat intelligence provider trusted by SOCs, CERTs, MSSPs, and cybersecurity researchers. Its solutions are used by 15,000 corporate security teams for incident investigations worldwide.

With real-time visibility into malware behavior, a focus on interactive analysis, and actionable intelligence, ANY.RUN accelerates incident response, supports in-depth research, and helps defenders stay ahead of evolving threats.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
