Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group)
Essential information
- Published: 20/05/2024 10:20
- Modified: 20/05/2024 10:35
- Tags: 2024-05-20 apt dora rat infostealer nestdoor openvpn attack
- Related entities: 10 observables, 1 intrusion sets (apt), 3 others
Description
AhnLab Security Intelligence Center (ASEC) recently confirmed that the Andariel group carried out APT attacks on domestic companies and institutions. The targeted organizations included manufacturing companies, construction firms, and educational institutions. The attackers employed backdoors, keyloggers, infostealers, and proxy tools to control the infected systems and steal data.
In this attack, malware previously associated with the Andariel group was identified, such as Nestdoor, a backdoor. Additionally, web shells were detected. A proxy tool that resembles, but is not identical to, the one used in past Lazarus group attacks was also employed in this incident.