- Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.
- Lazarus deployed MagicRAT after the successful exploitation of vulnerabilities in VMWare Horizon platforms.
- We've also found links between MagicRAT and another RAT known as "TigerRAT," disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA) recently.
- TigerRAT has evolved over the past year to include new functionalities that we illustrate in this blog.
4818 links
