More robust attack tools have been leveraged by North Korean state-sponsored threat operation Andariel, a Lazarus Group sub-cluster, as it ramped up intrusions against South Korean companies and organizations across different sectors, according to The Hacker News.
Andariel, also known as Silent Chollima and Nice, has utilized supply chain attacks, spear-phishing operations, and other initial infection vectors to facilitate the deployment of various malware, including Gh0st RAT, Andarat, EarlyRAT, and TigerRAT, as well as its MagicRAT and QuiteRAT variants, a report from the AhnLab Security Emergency Response Center revealed.
Researchers also found that Andariel exploited the Innorix Agent tool and AndarLoader downloader to enable the delivery of the Goat RAT and DurianBeacon backdoors, respectively.
"The Andariel group is one of the highly active threat groups targeting Korea along with Kimsuky and Lazarus. The group launched attacks to gain information related to national security in the early days but now carries out attacks for financial gains," said ASEC.