Everything You Need to Know About LilacSquid
EXECUTIVE SUMMARY
Last month, Avertium's Cyber Threat Intelligence team reported on an advanced persistent threat (APT) actor known as LilacSquid. This month, we dig further into the actor's tactics, techniques, and procedures.
Active since at least 2021, LilacSquid (also tracked as UAT-4820) focuses on cyber espionage. The actor has targeted IT companies that build software for the research and industrial sectors in the U.S., energy sector organizations in Europe, and pharmaceutical companies in Asia.
LilacSquid's tactics, techniques, and procedures resemble those of North Korean APT groups, specifically Andariel and its parent umbrella, Lazarus. After compromising vulnerable, internet-exposed application servers, the actor deploys two primary implants: MeshAgent, an open-source remote management tool, and a customized version of QuasarRAT referred to as "PurpleInk." Let's look at LilacSquid, along with recommendations on how organizations can protect themselves from this kind of threat.