Security experts from Netlab 360 have uncovered a new Remote Access Trojan (RAT) used on Linux and Windows operating systems – currently being used in the wild by exploiting a known code execution vulnerability. Dubbed Dacls, the malware was in use since at least May this year and is attributed to the North Korean advanced persistent threat group Lazarus, also known as Hidden Cobra, Guardians of Peace, or Zinc. Learn more:
Netlab 360 researchers have found a suspicious .ELF file in at the end of October, and initially thought that it is a part of a malicious unknown botnet. However, a further investigation proved connections to the Lazarus APT:
Lazarus hacking group is believed to be funded by the North Korean government and is responsible for such high-profile attacks like Sony's Operation Blockbuster in 2014, as well as a global outbreak of WannaCry ransomware infections in 2017. Although the APT is known to be leveraging already established malware like Trickbot or Mimikatz, it is also capable of creating its own RATs, as in the case with Dacls.