Empire Operations: Tactics (Lazarus)

The Lazarus Group, a North Korean-linked APT, is one of the most notorious ransomware groups on the planet. They have continued to grow and mature their operations, often pulling off high-value crypto heists. In this edition of Empire Ops: Tactics, we will take a deep dive into both past and present Lazarus Group campaigns and how Empire can be used to emulate these often complex cyber campaigns. In particular, we will look at strategies for deploying and managing ransomware and crypto-miner emulation tools. Additionally, we will explore how this group continues to leverage well-known vulnerabilities, such as Log4j, to great effect despite their age and high-profile patching campaigns.

Sign Up Now

Course Overview

1. Empire Ops: Tactics (Lazarus)
2. Notices
3. Course Material
4. Immersive Labs
1. Threat Emulation Basics
2. The Intersection of Financial Motivation and Espionage
3. Overview of Lazarus and Their TTPs
1. Intro to Ransomware and Crypto Miners
2. Resource Hijacking During an Op
3. Complexities of Ransomware Simulation
1. Why Do Old Exploits Continue to Work?
2. Integrating Exploits into Empire
3. Prepping the Network
4. Deploying your Effects

Key Takeaways

Define the Primary TTPs of Lazarus
Understand the Complexities of Ransomware Simulation
Build Exploit Integration with Empire

Interested in Taking This Course

Sign Up Now