The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.
"Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control server," Kaspersky said in a new report.
Also called Silent Chollima and Stonefly, Andariel is associated with North Korea's Lab 110, a primary hacking unit that also houses APT38 and other subordinate elements collectively tracked under the umbrella name Lazarus Group.
The latest attack chain discovered by Kaspersky shows that EarlyRat is propagated by means of phishing emails containing decoy Microsoft Word documents.
"Despite being an APT group, Lazarus is known for performing typical cyber crime tasks, such as deploying ransomware, which makes the cybercrime landscape more complicated," Kaspersky said.
"Moreover, the group uses a wide variety of custom tools, constantly updating existing and developing new malware."
News URL
https://thehackernews.com/2023/06/north-korean-hacker-group-andariel.html
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
- North Korean hackers use new macOS malware against crypto firms
- North Korean Hackers Target macOS Using Flutter-Embedded Malware
- Hackers deploy AI-written malware in targeted attacks
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks
- FIN7 hackers launch deepfake nude "generator" sites to spread malware
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
- North Korean govt hackers linked to Play ransomware attack