The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in phishing attacks, adding another piece to the group's wide-ranging toolset.

"Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control (C2) server," Kaspersky said in a new report.

Also called Silent Chollima and Stonefly, Andariel is associated with North Korea's Lab 110, a primary hacking unit that also houses APT38 (aka BlueNoroff) and other subordinate elements collectively tracked under the umbrella name Lazarus Group.

The threat actor, besides conducting espionage attacks against foreign government and military entities that are of strategic interest, is known to carry out cyber crime as an extra source of income to the sanctions-hit nation.

Some of the key cyber weapons in its arsenal include a ransomware strain referred to as Maui and numerous remote access trojans and backdoors such as Dtrack (aka Valefor and Preft), NukeSped (aka Manuscrypt), MagicRAT, and YamaBot.

NukeSped contains a range of features to create and terminate processes and move, read, and write files on the infected host. The use of NukeSped overlaps with a campaign tracked by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) under the name TraderTraitor.

Andariel's weaponization of the Log4Shell vulnerability in unpatched VMware Horizon servers was previously documented by AhnLab Security Emergency Response Center (ASEC) and Cisco Talos in 2022.

The latest attack chain discovered by Kaspersky shows that EarlyRat is propagated by means of phishing emails containing decoy Microsoft Word documents. The files, when opened, prompt the recipients to enable macros, leading to the execution of VBA code responsible for downloading the trojan.

Described as a simple but limited backdoor, EarlyRat is designed to collect and exfiltrate system information to a remote server as well as execute arbitrary commands. It also shares high-level similarities with MagicRAT, not to mention being written using a framework called PureBasic.
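The delivery step described above relies on a Word attachment that carries VBA macros. As an added defender-side example that is not part of the article or Kaspersky's report, the Python below triages an OOXML (zip-based) Office document before anyone opens it: it looks for an embedded VBA project part and for a macro-enabled content type in `[Content_Types].xml`, and flags a file whose extension claims to be macro-free but whose contents say otherwise. The sample documents are constructed in memory and are not real campaign artifacts; the `vbaProject.bin` stub is a placeholder, not a real VBA project.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Part names where OOXML stores a VBA project (Word, Excel, PowerPoint).
VBA_PART_NAMES = ("word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin")
# Substring that appears in the main-part content type of .docm/.xlsm/.pptm files.
MACRO_ENABLED_MARKER = "macroEnabled"
# Extensions that should never carry a VBA project.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


@dataclass
class MacroScanResult:
    valid_zip: bool
    has_vba_project: bool
    macro_content_type: bool
    vba_parts: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Either indicator alone is enough to route the file to manual review.
        return self.has_vba_project or self.macro_content_type


def scan_office_document(data: bytes) -> MacroScanResult:
    """Inspect raw bytes of an OOXML document for VBA macro indicators."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Not a zip container at all (legacy .doc, or something else entirely).
        return MacroScanResult(valid_zip=False, has_vba_project=False, macro_content_type=False)
    names = zf.namelist()
    vba_parts = sorted(n for n in names
                       if n.lower() in VBA_PART_NAMES or n.lower().endswith("vbaproject.bin"))
    content_types = ""
    if "[Content_Types].xml" in names:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    return MacroScanResult(
        valid_zip=True,
        has_vba_project=bool(vba_parts),
        macro_content_type=MACRO_ENABLED_MARKER in content_types,
        vba_parts=vba_parts,
    )


def extension_mismatch(filename: str, result: MacroScanResult) -> bool:
    """True when a 'macro-free' extension hides macro indicators inside."""
    return filename.lower().endswith(MACRO_FREE_EXTENSIONS) and result.suspicious


def _build_constructed_doc(with_macros: bool) -> bytes:
    """Build a minimal constructed Word container for demonstration only."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macros
               else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    ct_xml = ('<?xml version="1.0" encoding="UTF-8"?>'
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>')
    if with_macros:
        ct_xml += ('<Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/>')
    ct_xml += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ct_xml)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes only; a real vbaProject.bin is an OLE compound file.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0CONSTRUCTED-STUB")
    return buf.getvalue()


# Constructed samples: one clean .docx, one macro-enabled .docm.
CLEAN_DOCX = _build_constructed_doc(with_macros=False)
MACRO_DOCM = _build_constructed_doc(with_macros=True)


if __name__ == "__main__":
    for name, blob in (("invoice.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOCM),
                       ("invoice_renamed.docx", MACRO_DOCM)):
        res = scan_office_document(blob)
        print(f"{name}: suspicious={res.suspicious} parts={res.vba_parts} "
              f"ext_mismatch={extension_mismatch(name, res)}")
```

In a mail gateway or sandbox pipeline this check runs on the attachment bytes before delivery; a hit on either indicator, or an extension mismatch, is a reason to quarantine the message for review rather than rely on the recipient declining the "enable macros" prompt.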