lazarusholic

Confronting Lazarus Group - MagicRAT and TigerRAT Campaign

2024-04-04, AttackIQ
https://www.attackiq.com/2024/04/04/cyber-sorcery/
#MagicRAT #TigerRAT

In September 2022, cybersecurity researchers at Cisco Talos made a significant discovery: a new Remote Access Trojan (RAT) dubbed “MagicRAT.” This malicious tool, attributed with moderate confidence to the Lazarus Group, a state-sponsored Advanced Persistent Threat (APT) associated with North Korea by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), poses a grave threat to organizations worldwide.

MagicRAT was uncovered on systems initially compromised through the exploitation of publicly exposed VMware Horizon platforms. Despite its relatively simple capabilities, MagicRAT was built using the Qt Framework, a deliberate choice that helps Lazarus thwart human analysis and impede automatic detection based on machine learning and heuristics. The Qt Framework can be a differentiator for threat actors because it offers cross-platform capabilities, making malware developed with it harder to detect across various operating systems. Additionally, Qt’s rich graphical user interface tools can help in creating more convincing phishing or social engineering attacks, further …