The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT.
The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News.
Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, refers to a cluster of financially motivated and espionage-driven cyber activities undertaken by the North Korean government as a means to sidestep sanctions imposed on the country and meet its strategic objectives.
Like the Winnti and MuddyWater umbrella groups, the state-sponsored collective also has “spin-off” groups such as Bluenoroff and Andariel, which focus on specific kinds of attacks and targets.
While the Bluenoroff subgroup is focused on attacking foreign financial institutions and perpetrating monetary theft, Andariel is devoted to the pursuit of South Korean organizations and businesses.