
Lazarus Group Escalates Attacks in 2025: ANY.RUN Reveals Detection Strategies for SOC Teams

DUBAI, DUBAI, UNITED ARAB EMIRATES, September 10, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence, released an in-depth report on the Lazarus Group's intensified cyber campaigns in 2025. The research exposes sophisticated tactics targeting tech and crypto sectors, offering SOC teams actionable insights and detection tips to fortify defenses against this notorious North Korean APT.

Lazarus Group in 2025: Key Campaigns

The Lazarus Group has ramped up operations with social engineering and supply chain exploits, compromising hundreds of firms and causing millions in losses. Tactics include:

· North Korean IT Workers: Operatives pose as remote hires using stolen identities to infiltrate U.S. and UK companies, stealing data and deploying malware. A blockchain firm lost $900,000 in crypto to such insiders, per U.S. Department of Justice reports.

· Operation 99 (Contagious Interview): Fake job interviews on LinkedIn lure developers with malicious GitLab tests and NPM packages. Victims face credential theft and system infections, leading to supply chain ripple effects.

· Hijacked Open-Source Packages: Over 230 malicious GitHub and PyPI uploads since January target developers, enabling backdoor access. The $1.5B ByBit hack stemmed from a tainted Docker project at Safe{Wallet}, funneling funds to Lazarus.

These attacks erode financial stability, IP, and trust, with recovery costs soaring.

Detection Tips for SOC Teams

Lazarus deploys evasive tools like InvisibleFerret (keylogging delivered through fake interviews), OtterCookie (token theft via tampered packages), and PyLangGhost RAT (espionage, delivered through ClickFix-style lures that trick users into pasting and running commands themselves).

ANY.RUN's Interactive Sandbox helps over 15,000 SOCs ensure:

· Faster detection of threats and reduced Mean Time to Detect (MTTD)

· Full visibility into what files and links actually do without any guesswork

· Immediate access to IOCs for SIEM enrichment and faster response

· Less manual effort for analysts, thanks to automated interactivity

· Lower risk of breaches, data loss, and business disruption

Read the full report on active Lazarus Group attacks on the ANY.RUN blog.

About ANY.RUN

ANY.RUN is an interactive malware analysis and threat intelligence provider trusted by SOCs, CERTs, MSSPs, and cybersecurity researchers. The company’s solutions are leveraged by 15,000 corporate security teams for incident investigations worldwide.

With real-time visibility into malware behavior, interactive analysis, and actionable intelligence, ANY.RUN accelerates incident response, supports in-depth research, and helps defenders stay ahead of evolving threats.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
