Home Security North Korean Hackers Deploying New MagicRAT Malware in Focused Campaigns

North Korean Hackers Deploying New MagicRAT Malware in Focused Campaigns

by crpt os


The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT.

The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News.

“While being a relatively simple RAT capability-wise, it was built with recourse to the Qt Framework, with the sole intent of making human analysis harder, and automated detection through machine learning and heuristics less likely,” Talos researchers Jung soo An, Asheer Malhotra, and Vitor Ventura said.

CyberSecurity

Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers to a cluster of financial motivated and espionage-driven cyber activities undertaken by the North Korean government as a means to sidestep sanctions imposed on the country and meet its strategic objectives.

Like other umbrella collectives Winnti and MuddyWater, the state-sponsored hacking collective also has “spin-off” groups such as Bluenoroff and Andariel, which focus on specific kinds of attacks and targets.

While the Bluenoroff subgroup is focused on attacking foreign financial institutions and perpetrating monetary theft, Andariel is devoted in its pursuit of South Korean organizations and businesses.

North Korean Malware

“Lazarus develops their own attack tools and malware, can use innovative attack techniques, works very methodically, and takes their time,” cybersecurity firm NCC Group said in a report detailing the threat actor.

“In particular, the North Korean methods aim to avoid detection by security products and to remain undetected within the hacked systems for as long as possible.”

The latest addition to its wide-ranging malware toolset shows the group’s ability to employ a multitude of tactics and techniques depending on their targets and their operational goals.

A C++-based implant, MagicRAT is designed to achieve persistence by creating scheduled tasks on the compromised system. It’s also “rather simple” in that it provides the attacker with a remote shell to execute arbitrary commands and carry out file operations.

CyberSecurity

MagicRAT is also capable of launching additional payloads retrieved from a remote server on infected hosts. One of the executables retrieved from the command-and-control (C2) server takes the form of a GIF image file, but in reality is a lightweight port scanner.

Furthermore, the C2 infrastructure associated with MagicRAT has been found harboring and serving newer versions of TigerRAT, a backdoor formerly attributed to Andariel and is engineered to execute commands, take screenshots, log keystrokes, and harvest system information.

Also incorporated in the latest variant is a USB Dump feature that allows the adversary to hunt for files with specific extensions, alongside laying the groundwork for implementing video capture from webcams.

“The discovery of MagicRAT in the wild is an indication of Lazarus’ motivations to rapidly build new, bespoke malware to use along with their previously known malware such as TigerRAT to target organizations worldwide,” the researchers said.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex