Lazarus Group's infrastructure reuse leads to discovery of new malware

• In the Lazarus Group’s latest campaign, which we detailed in a recent blog, the North Korean state-sponsored actor is exploiting CVE-2022-47966, a ManageEngine ServiceDesk vulnerability to deploy multiple threats. In addition to their “QuiteRAT” malware, which we covered in the blog, we also discovered Lazarus Group using a new threat called “CollectionRAT.”
  
  


• CollectionRAT has standard remote access trojan (RAT) capabilities, including the ability to run arbitrary commands on an infected system. Based on our analysis, CollectionRAT appears to …

actor addition blog campaign cve cve-2022-47966 deploy discovery exploiting infrastructure latest lazarus lazarus group malware manageengine north north korean reuse sponsored state threat threats vulnerability