VeilShell: A new threat from North Korea's Vedalia APT group
October 04, 2024
According to reports, threat actors linked to North Korea have been deploying a previously undocumented backdoor and remote access trojan (RAT) called VeilShell in a campaign targeting Southeast Asian countries. This activity is attributed to the Vedalia APT group (aka APT37, ScarCruft, Reaper).
The attack typically begins with spear-phishing emails containing a ZIP archive that includes a Windows shortcut (LNK) file. When executed, the LNK file triggers PowerShell code to extract components, including a benign document and a malicious DLL. The DLL functions as a loader, retrieving JavaScript that downloads the VeilShell backdoor from a remote server.
VeilShell is a PowerShell-based backdoor malware that communicates with a command-and-control (C2) server to gather and exfiltrate system information. It can interact with the file system, modify the registry, create scheduled tasks, and maintain backdoor access for further malicious activities.
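One way to hunt for the chain described above (a shortcut-launched PowerShell process that goes on to create a scheduled task or modify the registry) is to correlate process-creation events by parent/child relationship. This is an added example, not code from the bulletin or from Symantec; the event field names and the sample events are constructed to resemble Sysmon-style process-creation records.

```python
"""Correlate constructed process-creation events to flag a PowerShell process
launched from Explorer (where a double-clicked LNK lands) that then creates a
scheduled task or writes the registry, matching the VeilShell chain above."""
from collections import defaultdict

# Constructed sample events; field names (pid, ppid, image, cmdline) are assumed.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "powershell.exe",
     "cmdline": 'powershell.exe -w hidden -c "Expand-Archive report.zip"'},
    {"pid": 300, "ppid": 200, "image": "schtasks.exe",
     "cmdline": "schtasks.exe /create /sc minute /tn Updater /tr C:\\Users\\Public\\x.js"},
    {"pid": 400, "ppid": 100, "image": "winword.exe", "cmdline": "winword.exe report.docx"},
    # Benign PowerShell spawned by Word: wrong parent, no persistence follow-on.
    {"pid": 500, "ppid": 400, "image": "powershell.exe", "cmdline": "powershell.exe Get-Date"},
]

SHORTCUT_PARENTS = {"explorer.exe"}          # LNK double-click starts here
PERSISTENCE_IMAGES = {"schtasks.exe", "reg.exe"}
PERSISTENCE_CMDLINE = ("/create", "currentversion\\run",
                       "register-scheduledtask", "set-itemproperty")


def find_chains(events):
    """Return pids of powershell.exe processes whose parent is a shortcut host and
    which, directly or through a child process, create a scheduled task or touch
    the registry. Order follows the input events."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    hits = []
    for e in events:
        if e["image"].lower() != "powershell.exe":
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or parent["image"].lower() not in SHORTCUT_PARENTS:
            continue
        # Look at the PowerShell process itself plus its direct children.
        candidates = [e] + children[e["pid"]]
        if any(c["image"].lower() in PERSISTENCE_IMAGES
               or any(k in c["cmdline"].lower() for k in PERSISTENCE_CMDLINE)
               for c in candidates):
            hits.append(e["pid"])
    return hits


if __name__ == "__main__":
    print(find_chains(EVENTS))  # [200]
```

Feeding real Sysmon Event ID 1 records in place of EVENTS requires only mapping the field names; the parent set and persistence indicators can be extended as further chain details become known.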
Symantec protects you from …