#CollectionRAT

🛡 H3lium@infosec.exchange/:~# (H3liumb0y@infosec.exchange)
2023-12-12

"🚨 Lazarus Group Unleashes CollectionRAT in Sophisticated Campaigns 🚨"

Lazarus Group, a North Korean state-sponsored actor, has been utilizing infrastructure reuse to launch sophisticated cyber attacks. Their latest campaign exploits CVE-2022-47966, a vulnerability in ManageEngine ServiceDesk, to deploy multiple threats including a new malware, CollectionRAT. This RAT showcases capabilities such as executing arbitrary commands and managing files on infected systems. Intriguingly, Lazarus Group is increasingly leveraging open-source tools like the DeimosC2 framework, marking a strategic shift in their attack methodologies. CollectionRAT, along with other tools like the malicious PuTTY Link (Plink), indicates a refined approach in their cyber warfare tactics.

Details: Cisco Talos Blog

Authors: Asheer Malhotra, Vitor Ventura, Jungsoo An

Tags: #Cybersecurity #LazarusGroup #APT #CollectionRAT #DeimosC2 #CVE202247966 #ManageEngine #Plink #NorthKorea #StateSponsoredCyberAttacks 💻🌍🔐

Mitre - Lazarus Group

2023-08-24

"Lazarus Group's infrastructure reuse leads to discovery of new malware" published by CiscoTalos. #Andariel, #CollectionRAT, #CVE-2022-47966, #CTI, #OSINT, #LAZARUS blog.talosintelligence.com/laz
