#collectionrat

"🚨 Lazarus Group Unleashes CollectionRAT in Sophisticated Campaigns 🚨"

Lazarus Group, a North Korean state-sponsored actor, has been utilizing infrastructure reuse to launch sophisticated cyber attacks. Their latest campaign exploits CVE-2022-47966, a vulnerability in ManageEngine ServiceDesk, to deploy multiple threats including a new malware, CollectionRAT. This RAT showcases capabilities such as executing arbitrary commands and managing files on infected systems. Intriguingly, Lazarus Group is increasingly leveraging open-source tools like the DeimosC2 framework, marking a strategic shift in their attack methodologies. CollectionRAT, along with other tools like the malicious PuTTY Link (Plink), indicates a refined approach in their cyber warfare tactics.

Details: Cisco Talos Blog

Authors: Asheer Malhotra, Vitor Ventura, Jungsoo An

Tags: #Cybersecurity #LazarusGroup #APT #CollectionRAT #DeimosC2 #CVE202247966 #ManageEngine #Plink #NorthKorea #StateSponsoredCyberAttacks 💻🌍🔐

Mitre - Lazarus Group

Cisco Talos Blog · Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.