The North Korean cyber threat group known as Andariel, a sub-cluster of the Lazarus Group, has ramped up its cyber attacks on organizations in South Korea, deploying a variety of malicious tools, some developed in the Go programming language. This revelation comes from a detailed report by AhnLab Security Emergency Response Center (ASEC).
Andariel, which has been active since at least 2008, primarily targets financial institutions, defense contractors, government agencies, universities, cybersecurity vendors, and energy companies. The group seeks to fund its espionage activities and generate illicit revenue for North Korea. Andariel’s attacks rely on a wide range of initial infection vectors, including spear-phishing, watering holes, and supply chain attacks, which allow the group to deliver a variety of malicious payloads.
Some of the notable malware families employed by Andariel include Gh0st RAT, DTrack, Goat RAT, Black RAT, and DurianBeacon, each tailored for specific malicious tasks. The group’s attacks have evolved over time, shifting from national security-focused campaigns to financially motivated activities.