A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020. The campaign targeted organizations in more than a dozen countries and was coordinated by DPRK-backed state hackers tracked as Lazarus Group. The hackers used COVID-19-themed spear-phishing emails with malicious attachments or links as the initial access vector into the companies’ enterprise networks. After the initial compromise, they installed the group’s custom-made ThreatNeedle backdoor malware, first used in 2018 in attacks targeting cryptocurrency businesses.
Source: https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/

