EarlyRat Malware From North Korea-Aligned Andariel

Andariel, a North Korea-aligned threat actor, recently used malware known as EarlyRat in phishing attacks. This adds to the already wide range of tools the group deploys against its targets.
An analyst has uncovered a previously unknown remote access trojan, dubbed EarlyRAT, that appears to have been used by Andariel, a sub-group of the North Korean state-sponsored Lazarus group.
Andariel, also tracked as Stonefly, is regarded as one of the most prominent groups operating under the Lazarus umbrella. Using the DTrack modular backdoor, the group has collected a wealth of information from compromised systems, including browsing history, keystrokes (keylogging), screenshots, lists of running processes, and more.
To gain access to machines, Andariel exploits a vulnerability in the Log4j logging library; once inside, the group downloads further malware from its command-and-control (C2) server. The DTrack backdoor is one of these downloaded payloads, but it is not the only one.
Throughout the network reconnaissance, credential stealing, and lateral movement, Andariel used open-source security product

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
