NICKEL ACADEMY

Threat Actor updated 4 months ago (2024-05-04T17:11:36.972Z)
Nickel Academy is a threat actor known for its malicious campaigns. In November 2017, the North Korean cyber threat group known as the Lazarus Group launched a spearphishing campaign that used a job opening for a CFO role at a European-based cryptocurrency company as bait.

CTU researchers discovered this campaign and found several indicators pointing, with high confidence, to Nickel Academy's involvement. These included job descriptions copied and pasted from online recruitment sites, a practice seen in previous campaigns, and technical linkages to previous Nickel Academy malware and operations. The researchers also identified components of a custom Command and Control (C2) protocol in the campaign that Nickel Academy had used in previous operations. They also found that the macro and the first-stage Remote Access Trojan (RAT) used in the campaign share common elements with former campaigns of the NICKEL ACADEMY (Lazarus) group. This spearphishing campaign was just one example of the methods used by Nickel Academy to gain unauthorized access to sensitive information.

Overall, Nickel Academy poses a significant threat to organizations globally. Their use of spearphishing campaigns and custom C2 protocols highlights their sophistication and advanced capabilities. Organizations should take proactive measures to protect themselves against these types of attacks, including implementing strong cybersecurity policies, conducting regular security awareness training for employees, and employing advanced threat detection technologies.
Description last updated: 2023-06-23T14:48:32.297Z
Aliases
We are not currently tracking any aliases.
Source Document References
Information about the NICKEL ACADEMY Threat Actor was read from the documents corpus below.
Source Link: MITRE
Created At: 2 years ago
Title: Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies