Threat Intelligence, Malware

Malware attack techniques combined in new North Korean macOS intrusions

Share

North Korea's Lazarus Group has leveraged the backdoored PDF reader app SwiftLoader used in the RustBucket campaign to facilitate the deployment of the KANDYKORN macOS malware in a bid to better evade detection, according to The Hacker News. Novel SwiftLoader stager variants purporting to be the EdoneViewer executable have been utilized by attackers to enable KANDYKORN RAT retrieval, according to a SentinelOne report. Such findings, which follow an AhnLab Security Emergency Response Center report linking Lazarus subgroup Andariel to attacks exploiting Apache ActiveMQ flaws to deliver the TigerRAT and NukeSped malware, indicate the increased sharing of tools and techniques between North Korean threat operations. "The DPRK's cyber landscape has evolved to a streamlined organization with shared tooling and targeting efforts. This flexible approach to tasking makes it difficult for defenders to track, attribute, and thwart malicious activities, while enabling this now collaborative adversary to move stealthily with greater speed and adaptability," said Mandiant.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.