"North Korean Hacker Group Andariel Strikes With New EarlyRat Malware"
"Andariel," a threat actor aligned with North Korea, used "EarlyRat," a previously undocumented malware, in attacks exploiting the Log4j Log4Shell vulnerability. According to researchers, Andariel infects machines by executing a Log4j exploit, which then downloads additional malware from the command-and-control (C2) server. Andariel, also known as "Silent Chollima" and "Stonefly," is associated with North Korea's Lab 110, a primary hacking unit that also includes APT38 (also known as "BlueNoroff") and other subordinate elements tracked collectively under the name "Lazarus Group." In addition to conducting espionage attacks against foreign government and military entities of strategic interest, the threat actor is known to conduct cybercrime as an extra source of income. Some of the cyber weapons in its arsenal include the Maui ransomware strain and numerous Remote Access Trojans (RATs) and backdoors such as Dtrack, NukeSped, MagicRAT, and YamaBot. This article continues to discuss the North Korea-aligned threat actor Andariel using the new EarlyRat malware.
THN reports "North Korean Hacker Group Andariel Strikes With New EarlyRat Malware"