Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware

2024-06-05 19:13

A new report from Cisco Talos exposed the activities of a threat actor known as LilacSquid, or UAT-4820.

The threat actor exploits vulnerable web applications or uses compromised Remote Desktop Protection credentials to successfully compromise systems by infecting them with custom PurpleInk malware.

LilacSquid is a cyberespionage threat actor that has been active since at least 2021.

Multiple tactics, techniques and procedures used by the threat actor are similar to those of North Korean advanced persistent threat groups, namely Andariel and its parent umbrella structure, Lazarus.

The first method used by LilacSquid to compromise its targets consists of successfully exploiting vulnerable web applications.

The main implant used by the LilacSquid threat actor, PurpleInk, is based on QuasarRAT, a remote access tool available online since at least 2014.

News URL

https://www.techrepublic.com/article/cisco-talos-lilacsquid-purpleink-malware/

#cisco #malware #threat

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4461	232	3099	1846	612	5789

News URL

Related news

Related vendor