The Dacls remote access trojan that is capable of attacking Windows, Linux and macOS environments has been used to distribute VHD ransomware and to target customer databases for attempted exfiltration, according to researchers.
Kaspersky on Wednesday revealed this latest intel on Dacls in a company blog post and corresponding press release that also detailed an array of plug-ins used by the malware framework, which has been linked to North Korean state-sponsored hackers.
Victims of Dacls, which Kaspersky refers to as MATA, have included a software development company, an e-commerce company and an internet service provider, the blog post states. Kaspersky has identified victims in Poland, Germany, Turkey, Korea, Japan and India.
Kaspersky has further corroborated the greater research community’s assertion that Dacls is the work of reputed North Korean APT actor Lazarus Group, aka Hidden Cobra, based on the presence of two filenames and a configuration structure that were previously associated with another Lazarus malware called dacls goals steal customer spread ransomware
