'Operation Blockbuster' Aims to Thwart ‘Aggressive Adversary’ Lazarus

Written by

Symantec have launched an across-industry initiative dubbed ‘Operation Blockbuster’ aimed at tackling the cyber-espionage group Lazarus.

Led by research from analytics firm Novetta, Symantec have been able to link Lazarus to a spate of high-profile attacks that involved aggressive, destructive tactics on targets in South Korea and the US dating back to 2009. Operation Blockbuster will see security vendors share useful intelligence related to the group to help commercial and government organizations in defending against them. 

Orla Cox, Director Security Intelligence Delivery at Symantec said:

“Tackling today’s digital security challenges often require a collective approach to keep our customers protected. Our investigations have shown that the Lazarus Group is a well-resourced and aggressive adversary with the capabilities to carry out both espionage and subversive attacks. By pooling our respective insights, the Operation Blockbuster team hopes to deliver a considerable blow to this attack group while helping to ensure that all of our customers have robust protections to safeguard valuable information.”

Among the incidents Lazarus have been linked to are a wave of DDOS attacks on South Korean websites in 2011, a disk-wiping trojan breach that targeted a number of corporations in 2013 and Backdoor.Destover, the highly destructive trojan that was used in the breach of Sony Pictures Entertainment in 2014.

Symantec’s findings suggesting Lazarus may have played a part in the Sony case, which certainly could shed some more light on The FBI’s conclusion that the North Korean Government was behind the attack.

In a statement to Infosecurity Brian Honan, CEO of BH Consulting, praised Operation Blockbuster saying any initiatives that promote the sharing of information regarding threats, threats agents and their targets are most welcome.

“We know that criminals regularly collaborate with each other in their campaigns and have no concerns about sharing information amongst themselves in order to achieve their common goal. Having industry groups set aside competitive concerns and share their knowledge to deter criminals is a welcome move.”

“However, we need to ensure that any such operations always involve law enforcement with the goal to either disrupt or detain the criminal organizations and to make sure there is no interference with any ongoing law enforcement operations.” he added.

What’s hot on Infosecurity Magazine?