The North Korean sponsored advanced persistent threat (APT) Lazarus Group has been targeting energy providers across the world since February 2022 and employing new malware in their attacks, according to security researchers at Cisco Talos. Lazarus Group threat actors gain initial access via the exploitation of the Log4j vulnerability on exposed VMware Horizon servers. After gaining initial access, the attackers establish persistence on the victim networks’, conduct lateral movement, and deploy malware. One new malware tool used in the campaign, dubbed MagicRAT, is a remote access trojan that allows adversaries to maintain persistence, deploy additional payloads, and evade detection and analysis by security software and human defenders, among other uses. According to Cisco, the goal of the attackers is to “infiltrate organizations around the world for establishing long term access and subsequently exfiltrating data of interest to the adversary's nation-state.” Access the full report at Cisco or read a relevant article here.