Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster
2023-09-05 10:15

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in South Korea.

Andariel, also known by the names Nickel Hyatt or Silent Chollima, is a sub-cluster of the Lazarus Group that is known to have been active since at least 2008.

Attack chains mounted by the adversary have leveraged a variety of initial infection vectors, such as spear-phishing, watering holes, and supply chain attacks, as a beachhead to launch different payloads.

Some of the malware families employed by Andariel in its attacks include Gh0st RAT, DTrack, YamaBot, NukeSped, Rifdoor, Phandoor, Andarat, Andaratm, TigerRAT, and EarlyRAT. Another derivative of TigerRAT is QuiteRAT, which was recently documented by Cisco Talos as used by the Lazarus Group in intrusions exploiting security flaws in Zoho ManageEngine ServiceDesk Plus.

"The Andariel group is one of the highly active threat groups targeting Korea along with Kimsuky and Lazarus," ASEC said.

"The group launched attacks to gain information related to national security in the early days but now carries out attacks for financial gains."


News URL

https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html