kindleakp.blogg.se

Vmware horizon log4j

“This campaign was previously partially disclosed by other security firms, but our findings reveal more details about the adversary’s modus operandi,” Jung soo An, Asheer Malhotra, and Vitor Ventura, Cisco Talos researchers, wrote in a blog post. Additionally, the researchers discovered the use of a recently disclosed implant that they are calling ‘MagicRAT’ in this campaign.


The researchers also discovered the use of two known malware families in these intrusions, VSingle and YamaBot. Between February and July this year, the group is said to have exploited Log4j vulnerabilities in VMware Horizon servers to gain an initial foothold into targeted organizations, including energy providers from around the world, among them those headquartered in the U.S., Canada, and Japan.

Cisco assesses that the campaign is meant to infiltrate organizations worldwide to establish long-term access and subsequently exfiltrate data of interest to the adversary’s nation-state. Researchers at Cisco Talos have been tracking a new campaign operated by the Lazarus advanced persistent threat (APT) group, attributed to North Korea by the U.S.