Lazarus Group is a highly notorious North Korea’s state-backed hacker group that is popular for authoring 2017’s WannaCry ransomware attack that affected as many as 300,000 computers all over the world. Now, the group has launched a new Remote Access Trojan (RAT) malware called Dacls affecting both Windows and Linux devices.
Spotted by researchers at Qihoo 360 Netlab, Dacls is the first Linux malware by Lazarus group as the group has previously targeted only Windows and macOS devices.
According to security researchers, “At present, the industry has never disclosed the Lazarus Group’s attack samples and cases against the Linux platform.”
The reason why Dacls has been linked to the Lazarus group is thevagabondsatchel.com download server that was in several previous campaigns of the APT (Advanced Persistent Threat) group.
Credits: Quihoo 360 Netlab
As per security researchers, Dacls can dynamically load plug-ins remotely on affected Windows servers, whereas its Linux version contains all the plug-ins it needs to attack within the bot component.
The malware secures its command and control communication channels using TLS and RC4 double-layer encryption. It deploys the AES encryption technique to encrypt its configuration files.
Dacls exploits the CVE-2019-3396 RCE bug that affects Atlassian Confluence Server installations.
Credits: Qihoo 360 Netlabs
With the help of its plug-ins, Dacls can receive and execute C2 commands, download additional data from the C2 server, perform network connectivity testing, scan random networks on 8291 port, and much more. You can read about all the capabilities of this malware in this report by Qihoo 360 ..
Support the originator by clicking the read the rest link below.
