April 24, 2025 By Bill Toulas
In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea.
The threat actor combined a watering hole attack strategy with an exploit for a vulnerability in a file transfer client that is required in South Korea to complete certain financial and administrative tasks.
Researchers at Kasperky named the campaign 'Operation SyncHole' and say that the activity compromised at least half a dozen organizations between November 2024 and February 2025.
“We identified at least six software, IT, financial, semiconductor manufacturing and telecommunication organizations in South Korea that fell victim to “Operation SyncHole,” Kasperky notes in a report.
Source: Kaspersky
“However, we are confident that there are many more affected organizations across a broader range of industries, given the popularity of the software exploited by Lazarus in this campaign,” the researchers added.