Lazarus deploys new attack tool, MagicRAT to target organizations worldwide
Lazarus deploys new attack tool, MagicRAT to target organizations worldwide
Threat Level
Attack Report
For a detailed threat advisory, download the pdf file here
Summary
Lazarus, a North Korean threat actor, compromises vulnerable VMware Horizon servers and deploys MagicRAT, a new remote access tool developed by the attackers. MagicRAT creates scheduled tasks on compromised systems to achieve persistence. Additionally, it gives the attacker a remote shell to execute arbitrary commands and manipulate files.