Lazarus (North Korea): A new Remote Access Trojan (RAT), dubbed Dacls, was discovered by security researchers at Qihoo 360 and linked to North Korea’s Lazarus Group. Previous samples of Lazarus malware targeting Windows and Mac machines have been shared throughout the industry; however, the Dacls RAT was found to be targeting Linux machines along with Windows. The samples analyzed by researchers share key characteristics with other malware, which led them to conclude that it was North Korean-backed. The primary link is the download server, which the group had used in previous attack campaigns. Both the Windows and Linux samples of Dacls carry an exploit payload for Atlassian Confluence Server installations vulnerable to the CVE-2019-3396 Remote Code Execution (RCE) bug.