Lazarus deploys new attack tool, MagicRAT to target organizations worldwide

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

Lazarus, a North Korean threat actor, compromises vulnerable VMware Horizon servers and deploys MagicRAT, a new remote access tool developed by the attackers. MagicRAT creates scheduled tasks on compromised systems to achieve persistence. Additionally, it gives the attacker a remote shell to execute arbitrary commands and manipulate files.