social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

#cve202247966

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:

"🚨 Lazarus Group Unleashes CollectionRAT in Sophisticated Campaigns 🚨"

Lazarus Group, a North Korean state-sponsored actor, has been utilizing infrastructure reuse to launch sophisticated cyber attacks. Their latest campaign exploits CVE-2022-47966, a vulnerability in ManageEngine ServiceDesk, to deploy multiple threats including a new malware, CollectionRAT. This RAT showcases capabilities such as executing arbitrary commands and managing files on infected systems. Intriguingly, Lazarus Group is increasingly leveraging open-source tools like the DeimosC2 framework, marking a strategic shift in their attack methodologies. CollectionRAT, along with other tools like the malicious PuTTY Link (Plink), indicates a refined approach in their cyber warfare tactics.

Details: Cisco Talos Blog (https://blog.talosintelligence.com/lazarus-collectionrat/)

Authors: Asheer Malhotra, Vitor Ventura, Jungsoo An

Tags: #Cybersecurity #LazarusGroup #APT #CollectionRAT #DeimosC2 #CVE202247966 #ManageEngine #Plink #NorthKorea #StateSponsoredCyberAttacks 💻🌍🔐

Mitre - Lazarus Group (https://attack.mitre.org/groups/G0032/)

Ron Bowes

I just posted our #Rapid7 technical analysis of the recent vulnerability in #ManageEngine - CVE-2022-47966 (#cve202247966 / #CVE_2022_47966). Big thanks to @catc0n and my new co-worker @stephenfewer@twitter.com for their help on this one! I can see I have a lot to learn from Stephen :)

https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis