Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.
Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMware Horizon platforms.
We've also found links between MagicRAT and another RAT known as "TigerRAT," which the Korean Internet & Security Agency (KISA) recently disclosed and attributed to Lazarus.
TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog.