Lazarus Group Targets Internet Infrastructure and Healthcare with 'QuiteRAT' Malware
QuiteRAT, the North-Korea-Backed group’s new malware, exploits a 2022 ManageEngine ServiceDesk vulnerability
Coverage of reported Lazarus-linked intrusions, infrastructure, disruption efforts, and defensive guidance that helps explain cybersecurity risks.
Search across headline titles and summaries.
Background for this topic.
Lazarus is a name used by security researchers and public authorities for a suspected, loosely defined intrusion set associated with multiple malware and cyber-espionage operations. The label may cover related but not identical activity, and attribution can change as technical evidence is reassessed. Public reporting has connected the name to incidents involving credential theft, malicious software, theft of funds, and disruptive attacks; those reports should not automatically be treated as proof that every campaign sharing similar tooling has the same operator.
For defenders, coverage under this tag is most useful when it identifies the initial access path, affected software, infrastructure, and evidence supporting attribution. Practical priorities include phishing-resistant multifactor authentication for privileged and remote access, prompt remediation of exploited internet-facing systems, application allowlisting for sensitive environments, and monitoring for unusual authentication, scripting, and outbound connections. During a suspected intrusion, preserve endpoint, identity, email, and network logs before containment changes evidence, then scope for stolen credentials and persistence across connected systems.
QuiteRAT, the North-Korea-Backed group’s new malware, exploits a 2022 ManageEngine ServiceDesk vulnerability
The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. [...]
The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.
The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.
Those weapons programs aren't going to fund themselves Lazarus Group, the infamous cryptocurrency thieves backed by North Korea, may try to liquidate a stash of stolen Bitcoin worth more than $40 million, according to the FBI.…
The U.S. Justice Department charged two Tornado Cash founders with helping criminals, including the notorious North Korean Lazarus hacking group, launder over $1 billion worth of stolen cryptocurrency through their decentralized crypto mixing service. [...]
The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency out of hundreds of millions stolen in the last year alone. [...]