Numerous entities in the U.S., Mexico, Brazil, Germany, Italy, Switzerland, Turkey, and Saudi Arabia have been targeted by North Korean state-sponsored hacking group Lazarus with an updated version of the DTrack backdoor, according to BleepingComputer.
Government research centers, education organizations, chemical manufacturers, telecommunication providers, utility service providers, IT service providers, and policy institutes are being attacked with the new DTrack malware, which not only has keylogging capabilities and exfiltrates IP address and network connection data, but can also execute file operations, retrieve additional payloads, and exfiltrate files, reported Kaspersky researchers.
Filenames resembling those of legitimate executables have been leveraged by Lazarus to facilitate the distribution of the DTrack malware, which undergoes several decryption stages prior to final payload delivery. DTrack was previously attributed by Kaspersky researchers to the North Korean hacking operation Andariel in August, while Dragos tied the malware to another North Korean hacking group, Wassonite, in 2020.