Lazarus Group from North Korea Unleashes New Kaolin RAT via Fake Job Offers
April 25, 2024
Malware / Cyber Threat
The North Korean cyber threat actor Lazarus Group has once again leveraged its longstanding tactic of using bogus job offers to distribute a new remote access trojan (RAT) known as Kaolin RAT. Targeting specific individuals in the Asia region during the summer of 2023, this malware not only performs standard RAT functions but also has the ability to modify file timestamps and load DLL binaries from a command-and-control server, as noted by Avast security researcher Luigino Camastra in a recent report. The Kaolin RAT serves as an entry point for the FudModule rootkit, which has been found exploiting a recently patched admin-to-kernel vulnerability in the appid.sys driver (CVE-2024-21338, CVSS score: 7.8). This exploit enables it to gain kernel read/write capabilities and disable security mechanisms. Lazarus Group’s strategy of using job offers for infiltration, known as Operation Dream Job, has a history of successfully employing various social media platforms for this purpose.
Malware / Cyber Threat
Lazarus Group Launches New Kaolin RAT Targeting Individuals in Asia Through Deceptive Job Offers April 25, 2024 Malware / Cyber Threat In a concerning development, the Lazarus Group, a North Korea-linked threat actor, has recently leveraged fake job postings to…