Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware
2024-06-05 19:13

A new report from Cisco Talos exposed the activities of a threat actor known as LilacSquid, or UAT-4820.

The threat actor exploits vulnerable web applications or uses compromised Remote Desktop Protocol credentials to compromise systems, then infects them with custom PurpleInk malware.

LilacSquid is a cyberespionage threat actor that has been active since at least 2021.

Multiple tactics, techniques and procedures used by the threat actor are similar to those of North Korean advanced persistent threat groups, namely Andariel and its parent umbrella structure, Lazarus.

The first method used by LilacSquid to compromise its targets consists of successfully exploiting vulnerable web applications.

The main implant used by the LilacSquid threat actor, PurpleInk, is based on QuasarRAT, a remote access tool available online since at least 2014.


News URL

https://www.techrepublic.com/article/cisco-talos-lilacsquid-purpleink-malware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751