We've spotted the #LazarusGroup exploiting a vulnerability in the ManageEngine software to deliver two new trojans https://blog.talosintelligence.com/lazarus-quiterat/
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

Cisco Talos Blog
We also published new details about Lazarus Group's shifting TTPs, as they start using more #opensource tools and frameworks in the initial phases of their attacks. This can often make research easier but detection and attribution harder. https://blog.talosintelligence.com/lazarus-collectionrat/
Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.