Lazarus Group Targets South Korean Organizations in Operation SyncHole

The Lazarus Group, linked to North Korea, has targeted at least six organizations in South Korea as part of a campaign named Operation SyncHole. The targeted sectors include software, IT, finance, semiconductor manufacturing, and telecommunications, according to a report by Kaspersky published today. The first evidence of compromise was detected in April 2025. The attacks exploited vulnerabilities in Cross EX and Innorix and utilized the ThreatNeedle malware.