Malware attack techniques combined in new North Korean macOS intrusions
North Korea's Lazarus Group has leveraged the backdoored PDF reader app SwiftLoader used in the RustBucket campaign to facilitate the deployment of the KANDYKORN macOS malware in a bid to better evade detection, according to The Hacker News.
Novel SwiftLoader stager variants purporting to be the EdoneViewer executable have been utilized by attackers to enable KANDYKORN RAT retrieval, according to a SentinelOne report.
Such findings, which follow an AhnLab Security Emergency Response Center report linking Lazarus subgroup Andariel to attacks exploiting Apache ActiveMQ flaws to deliver the TigerRAT and NukeSped malware, indicate the increased sharing of tools and techniques between North Korean threat operations.
"The DPRK's cyber landscape has evolved to a streamlined organization with shared tooling and targeting efforts. This flexible approach to tasking makes it difficult for defenders to track, attribute, and thwart malicious activities, while enabling this now collaborative adversary to move stealthily with greater speed and adaptability," said Mandiant.