Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity

The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year.
While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the

attack breach business certificate exploits financial flaws hack institutions korea lazarus lazarus group may may 2022 north north korea october public software south south korea span universities version vulnerability vulnerable zero-day zero-day vulnerability