Security researchers are tracking new DDoS extortion activity by the threat actor group Fancy Lazarus. The attacks have primarily targeted US and global organizations across a range of sectors, including energy, financial, insurance, manufacturing, public utilities and retail.
The group – which formerly used monikers such as Fancy Bear, Lazarus, Lazarus Group, and Armada Collective, among others – went on hiatus for around a month from April to May 2021 following a campaign of ransom DDoS attacks against global financial institutions and organizations that started in mid-to-late August 2020. “In each case the threat actor demanded bitcoin payment or else a small-scale denial-of-service attack would be launched with a more substantial attack mere days later,” Proofpoint researchers explained in a blog posting. Now, the group has resurfaced with a new name and changes in its tactics, techniques and procedures (TTPs).