{"href":"https://api.simplecast.com/oembed?url=https%3A%2F%2Fsecuritytools.simplecast.com%2Fepisodes%2Fthe-return-of-lazarus-OCE7S4aO","width":444,"version":"1.0","type":"rich","title":"The Return of Lazarus","thumbnail_width":300,"thumbnail_url":"https://image.simplecastcdn.com/images/59617cff-d258-400b-81f9-af733334da9f/c52cd99a-25d2-4ac1-ba5d-1fd490c79884/soc-podcastart.jpg","thumbnail_height":300,"provider_url":"https://simplecast.com","provider_name":"Simplecast","html":"<iframe src=\"https://player.simplecast.com/126c82b3-9a2f-496c-8a36-dc5ec07cc9d6\" height=\"200\" width=\"100%\" title=\"The Return of Lazarus\" frameborder=\"0\" scrolling=\"no\"></iframe>","height":200,"description":"The North Korean Lazarus group is running multiple high-risk campaigns: one exploiting Windows and another installing malware through fraudulent blockchain job offers.\n\nState of Cybercrime hosts Matt Radolec and David Gibson discuss the various APT groups, including a prolific ransomware-as-a-service operation and a Chinese cyber espionage gang known as Volt Typhoon, and other vulnerable vulnerabilities in this episode, including: \n\n+ Lazarus FudModule rootkit attacks and the concurrent Eager Crypto Beavers campaign \n+ RansomHub attacks on Halliburton, Change Healthcare, and hundreds more \n+ Large-scale extortion of AWS environments through exposed ENV files \n+ Hundreds of exposed servers from Volt Typhoon’s ISP targeting \n+ Payment gateway breach of over 1.7 million credit card owners"}