ASEC reports on activity by the North Korean state-sponsored APT Andariel Group (publicly attributed to the DPRK Reconnaissance General Bureau by the US Treasury) against South Korean companies. AndarLoader and Modeloader (described as JavaScript malware) are downloaders used to take control of the host and install Mimikatz for credential stealing. MeshAgent is a potentially unwanted application abused as a remote monitoring and management (RMM) tool. ASEC describes many TTPs that could be mapped to MITRE ATT&CK. IOCs provided. 🔗 https://asec.ahnlab.com/en/63192/

#NorthKorea #cyberespionage #APT #Andariel #RGB #Modeloader #AndarLoader #MeshAgent #threatintel #IOC

Andariel Group Exploiting Korean Asset Management Solutions (MeshAgent) - ASEC BLOG

AhnLab Security Emergency response Center

ASEC BLOG
"Andariel Group Exploiting Korean Asset Management Solutions (MeshAgent)" published by Ahnlab. #ModeLoader, #Andariel, #AndarLoader, #MeshAgent, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/en/63192/
"Andariel Group Attacking by Exploiting Domestic Asset Management Solutions (MeshAgent)" published by Ahnlab. #ModeLoader, #Andariel, #AndarLoader, #MeshAgent, #CTI, #OSINT, #LAZARUS https://asec.ahnlab.com/ko/62771/
Andariel Group Attacking by Exploiting Domestic Asset Management Solutions (MeshAgent) - ASEC BLOG