
Talos, a security firm belonging to Cisco, has managed to track a new campaign by the state-run Lazarus APT group. It is a state-backed hacking group attributed to North Korea by the U.S. government as well as many security firms. I came across the article "Lazarus and the tale of three RATs", published a few days ago with details, via the following tweet.

The campaign, conducted by the Lazarus APT group between February and July 2022, exploited vulnerabilities in VMware Horizon to gain a foothold in targeted organizations. The original vector was to exploit the Log4j vulnerability on unprotected VMware Horizon servers. After all, I had reported about the vulnerability several times on the blog (see links at the end of the article). If you ask a search engine like Shodan for VMware installations accessible from the Internet, you will see quite a lot of red (see the following figure).

Once inside the corporate networks, the deployment of the VSingle and YamaBot malware implants developed by the group began. In addition to these known malware families, the security researchers have also discovered the use of a previously unknown malware implant, which they call "MagicRAT".

This campaign has already been partially uncovered by other security firms, but Cisco Talos can reveal more details about the adversary's modus operandi. In addition, the security researchers have identified overlaps in command and control (C2) and payload-hosting infrastructure between their own findings and the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) June 2022 advisory.
