Lazarus Group Deploys PondRAT, ThemeForestRAT in Attacks

Lazarus Group’s New Campaign

The North Korean state-linked Lazarus Group is targeting decentralized finance (DeFi) firms with three new malware families, including PondRAT and ThemeForestRAT, which are used to steal data. The attacks began in 2024.

Social Engineering Tactics

The attackers impersonate company employees and use fake meeting-scheduler websites to make their communication appear legitimate. Victims who trust it end up with compromised systems.

Initial Access Methods

The exact entry point is unclear. The attackers may have exploited a browser flaw; a zero-day vulnerability was suspected, which would have allowed the malware to be deployed.

PerfhLoader’s Role: Dropping the Malware

A loader called PerfhLoader starts the attack. It deploys PondRAT, a simple remote access tool, and delivers other malicious tools, setting the stage for further attacks.

PondRAT is a basic remote access tool: it reads and writes files, executes attacker-supplied code, and connects to a command-and-control server.

ThemeForestRAT’s Capabilities

ThemeForestRAT is more advanced. It monitors remote desktop sessions and supports multiple commands, including file operations and data theft.

RemotePE for High-Value Targets

RemotePE is a more sophisticated malware reserved for high-value systems. It is delivered by a dedicated loader, which helps it operate stealthily.

Past Attacks and Tools Used

ThemeForestRAT resembles an older malware family and shares traits with a known earlier attack. This connects it to past Lazarus campaigns and shows a consistent strategy.

The attackers deploy various tools, including keyloggers, credential stealers, and proxy programs that aid movement within the network.

The malware runs in memory, which helps it avoid detection by security tools, and it uses encrypted communication to keep the attacks hidden.

Preventing Lazarus Attacks

To defend against Lazarus Group, verify all meeting requests and avoid clicking links from unknown sources. Real-time threat monitoring can detect suspicious activity, and cybersecurity training helps employees spot fake communications. By staying vigilant, firms can protect their systems and data.