216.73.216.86

North Korean group targets nuclear-related organization with new malware

· Published 19/12/2024 12:57 · Modified 19/12/2024 13:39

Export JSON

Essential information

Published
19/12/2024 12:57
Modified
19/12/2024 13:39
Tags
2024-12-19 charamel loader cookieplus cookietime deathnote campaign lpeclient mistpen modular malware nuclear ranid downloader rollmid servicechanger supply-chain trojanized vnc wordpress c2
Related entities
2 vulnerabilities (cve), 1 observables, 1 intrusion sets (apt), 16 techniques (mitre), 8 malware, 1 others

Description

The Lazarus group has evolved its infection chain by targeting employees of a -related organization with a combination of new and old malware. The attack involved delivering malicious archive files containing utilities and various malware strains including , , , , , and a new modular backdoor called . The infection chain has become more complex, demonstrating improved delivery and persistence methods. , likely the successor to , can download both DLLs and shellcode, making it difficult to detect. The group used compromised WordPress servers as command and control infrastructure for most of the malware.

External references