The Lazarus Group, a well-known North Korean nation-state actor, has been connected to the MagicRAT remote access trojan.
The Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers to a cluster of financially motivated and espionage-driven cyber operations carried out by the North Korean government as a means to sidestep the sanctions imposed on the country and to meet its strategic objectives.
According to Talos researchers Jung soo An, Asheer Malhotra, and Vitor Ventura, the RAT was built with the Qt Framework despite its relatively basic capabilities. This was done solely to make automated detection based on machine learning and heuristics less likely and to make human analysis more difficult.
While the Bluenoroff subgroup focuses on attacking international financial institutions and perpetrating financial theft, Andariel is devoted to targeting South Korean companies and organizations.
MagicRAT Malware
MagicRAT is a C++-based implant that aims to achieve persistence by establishing recurring tasks on the compromised machine. Additionally, it is “quite straightforward” in that it gives the attacker access to a remote shell via which they may run arbitrary commands and manage files.
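The scheduled-task persistence described above is something a defender can hunt for in Windows Security logs. The following is an added example, not code from Talos or the article: it triages constructed Event ID 4698 ("A scheduled task was created") entries, flattened to one line each, and flags recurring tasks whose action binary lives in a user-writable directory. The log format, task names and paths are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log lines (not real MagicRAT task names or paths).
# Event ID 4698 is task creation; 4702 is task update and is ignored here.
SAMPLE_EVENTS = [
    "EventID=4698 TaskName=\\Microsoft\\Windows\\Defrag\\ScheduledDefrag "
    "Command=C:\\Windows\\System32\\defrag.exe Trigger=Weekly",
    "EventID=4698 TaskName=\\OneDriveSync "
    "Command=C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe Trigger=PT5M",
    "EventID=4698 TaskName=\\Updater Command=C:\\ProgramData\\update\\u.exe Trigger=PT1H",
    "EventID=4702 TaskName=\\Backup Command=C:\\ProgramData\\x.exe Trigger=PT1M",
]

# Directories writable without elevation. Legitimate recurring tasks normally
# point into System32 or Program Files, so a binary here deserves a look.
SUSPICIOUS_DIRS = (
    r"\appdata\local\temp",
    r"\appdata\roaming",
    r"\programdata",
    r"\users\public",
)

EVENT_RE = re.compile(
    r"EventID=(?P<id>\d+) TaskName=(?P<task>\S+) Command=(?P<cmd>\S+) Trigger=(?P<trig>\S+)"
)


@dataclass
class Finding:
    task: str
    command: str
    trigger: str
    reasons: list = field(default_factory=list)


def triage_task_events(lines):
    """Return a Finding for every task-creation event whose action looks suspicious."""
    findings = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m or m.group("id") != "4698":
            continue  # skip malformed lines and non-creation events
        reasons = []
        cmd = m.group("cmd").lower()
        if any(d in cmd for d in SUSPICIOUS_DIRS):
            reasons.append("binary in user-writable directory")
        # ISO-8601 repetition intervals such as PT5M mean "every 5 minutes".
        if re.fullmatch(r"PT\d+M", m.group("trig")):
            reasons.append("repeats every few minutes")
        if reasons:
            findings.append(Finding(m.group("task"), m.group("cmd"), m.group("trig"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage_task_events(SAMPLE_EVENTS):
        print(f"{f.task} -> {f.command} [{f.trigger}]: {', '.join(f.reasons)}")
```

In practice the same logic runs over events exported from the Security log (or Sysmon/EDR telemetry) rather than over the constructed lines embedded here.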
On compromised machines, MagicRAT can also launch additional payloads that it has downloaded from a remote server.
Additionally, it has been discovered that TigerRAT, a backdoor that was once attributed to Andariel and is designed to run commands, capture screenshots, log keystrokes, and gather system information, is being hosted and served by the C2 infrastructure connected to MagicRAT.
The researchers stated that “MagicRAT’s finding in the field is an indicator of Lazarus’ objectives: bespoke malware to utilize in conjunction with its already-known malware, such as TigerRAT, to attack organizations all over the world.”