Lazarus hackers from North Korea are attacking energy providers around the globe

Energy providers around the world are being targeted by a malicious group linked to Lazarus.

The campaign is meant to infiltrate organizations around the world in order to establish long-term access and subsequently exfiltrate data of interest.

The latest attack wave is notable for employing two other pieces of malware: VSingle, an HTTP bot which executes arbitrary code from a remote network, and a Golang backdoor called YamaBot.

A new detection-evading remote access trojan named MagicRAT was also found in the latest attack. MagicRAT can launch various other malicious payloads.

Initial access to enterprise networks is gained by exploiting vulnerabilities in VMware products, with the ultimate goal of establishing persistent access to perform activities in support of North Korean government objectives.

Install NPAV on your systems to keep them protected against these malware and ransomware attacks. Securing your sensitive data and defending it against all kinds of cyber attacks is our first priority.

Use NPAV and join us on a mission to secure the cyber world.
