North Korean group targets nuclear-related organization with new malware
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
The Lazarus group has evolved its infection chain by targeting employees of a nuclear-related organization with a combination of new and previously known malware. The attack delivered malicious archive files containing trojanized VNC utilities and several malware families, including Ranid Downloader, MISTPEN, RollMid, LPEClient, CookieTime, and a new modular backdoor called CookiePlus. The infection chain has become more complex, demonstrating improved delivery and persistence methods. CookiePlus, likely the successor to MISTPEN, can download both DLLs and shellcode, which makes it harder to detect. The group used compromised WordPress servers as command-and-control infrastructure for most of the malware.
OPENCTI LABELS:
supply chain, modular malware, lpeclient, wordpress c2, cookietime, deathnote campaign, rollmid, servicechanger, ranid downloader, charamel loader, nuclear, trojanized vnc, mistpen, cookieplus