1. Threat Overview
Lazarus APT Group uses a fileless remote access Trojan (RAT) to evade detection, targeting organizations with a memory-only attack that leaves minimal forensic traces. This stealthy malware is designed to infiltrate systems undetected, posing a significant threat to financial institutions and cryptocurrency exchanges. The attack vector is likely via spear phishing or exploit kits.
2. Key Intelligence Points
1. The fileless RAT is designed to operate in memory only, using Windows API calls to interact with the system, making it difficult to detect.
2. The attack is likely targeted at financial institutions and cryptocurrency exchanges, which have been previously compromised by Lazarus APT.
3. The malware uses a stealthy attack chain, including initial access via spear phishing or exploit kits, followed by lateral movement and data exfiltration.
4. Detection opportunities may arise from monitoring for suspicious API calls, registry modifications, or network traffic patterns.
3. MITRE ATT&CK Techniques
T1204.001 User Execution, T1566.001 Spearphishing Attachment, T1210 Exploit Public-Facing Application
4. Indicators of Compromise (IOCs) / Affected Systems
No atomic indicators (file hashes, domains, IP addresses) are given; the brief names only the actor and the behavioural characteristics to hunt for: Lazarus APT, fileless RAT, memory-only attack, Windows API calls, registry modifications, network traffic patterns.
5. Mitigation & Detection
Implement memory-based detection and monitoring tools, such as process monitoring and API call logging, to identify suspicious activity. Additionally, ensure that all systems and applications are up-to-date with the latest security patches.
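The following is an added example, not part of the original brief and not Lazarus tooling: a small detection pass in Python that runs over constructed, Sysmon-like endpoint events and covers the three detection opportunities named in point 4 above and in this section (suspicious API use, registry modifications, network traffic patterns). The event shape, field names, process names, timestamps and the 203.0.113.x / 198.51.100.x addresses are all assumptions or documentation-range sample values; nothing here is an indicator from the brief. Because raw API-call telemetry is rarely available in a SIEM, the "API call" check is approximated by loader-style keywords on the command line of a script host, which is a stand-in, not the brief's stated method.

```python
"""Constructed detection pass for the behaviours the brief describes.

Added example; event records, process names and addresses are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One endpoint telemetry record (constructed, Sysmon-like shape; an assumption)."""
    ts: str
    kind: str            # "process", "registry" or "network"
    image: str           # full path of the acting process
    parent: str = ""     # parent image, process events only
    cmdline: str = ""    # command line, process events only
    target: str = ""     # registry value path, or "host:port" for network events


# Rule labels returned by detect(), mapped to the brief's detection opportunities.
RULE_OFFICE_SPAWN = "script host spawned by Office application (T1566.001 / T1204.001)"
RULE_LOADER_CMD = "in-memory loader keywords on command line (proxy for API-call logging)"
RULE_RUN_KEY = "Run-key persistence written by script host (registry modification)"
RULE_NET_FROM_SH = "outbound connection from script host (network traffic pattern)"

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe"}
# Run / RunOnce autostart keys under HKCU or HKLM.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Command-line fragments typical of loaders that stage a payload in memory.
LOADER_RE = re.compile(r"-enc\w*|FromBase64String|Reflection\.Assembly|VirtualAlloc",
                       re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (timestamp, rule, process) triples for every event that matches a rule."""
    findings = []
    for e in events:
        proc = basename(e.image)
        if e.kind == "process":
            if basename(e.parent) in OFFICE_PARENTS and proc in SCRIPT_HOSTS:
                findings.append((e.ts, RULE_OFFICE_SPAWN, proc))
            if proc in SCRIPT_HOSTS and LOADER_RE.search(e.cmdline):
                findings.append((e.ts, RULE_LOADER_CMD, proc))
        elif e.kind == "registry":
            if proc in SCRIPT_HOSTS and RUN_KEY_RE.search(e.target):
                findings.append((e.ts, RULE_RUN_KEY, proc))
        elif e.kind == "network":
            if proc in SCRIPT_HOSTS:
                findings.append((e.ts, RULE_NET_FROM_SH, proc))
    return findings


def chained_processes(findings, min_rules=3):
    """Processes that hit at least min_rules distinct rules, i.e. a multi-stage chain
    rather than a single noisy event (a single Run-key write alone is a weak signal)."""
    rules_by_proc = {}
    for _, rule, proc in findings:
        rules_by_proc.setdefault(proc, set()).add(rule)
    return {p for p, rules in rules_by_proc.items() if len(rules) >= min_rules}


# Constructed sample telemetry: one benign browser session and one Office-to-
# PowerShell chain with persistence and beaconing. All values are made up.
SAMPLE_EVENTS = [
    Event("2024-01-01T09:00:00Z", "process", r"C:\Program Files\Google\Chrome\chrome.exe",
          parent=r"C:\Windows\explorer.exe", cmdline="chrome.exe"),
    Event("2024-01-01T09:01:00Z", "process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          cmdline="powershell.exe -nop -w hidden -enc SQBFAFgAIAAo"),
    Event("2024-01-01T09:01:05Z", "registry", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          target=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("2024-01-01T09:01:10Z", "registry", r"C:\Windows\System32\svchost.exe",
          target=r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start"),
    Event("2024-01-01T09:02:00Z", "network", r"C:\Program Files\Google\Chrome\chrome.exe",
          target="198.51.100.5:443"),
    Event("2024-01-01T09:02:30Z", "network", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          target="203.0.113.10:443"),
]


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for ts, rule, proc in hits:
        print(f"{ts} {proc}: {rule}")
    print("chained:", chained_processes(hits))
```

Each rule on its own is noisy (administrators run encoded PowerShell too), which is why chained_processes only escalates a process that trips several distinct rules; in a real pipeline the same correlation would key on process GUID or host rather than image name, and the constructed event list would be replaced by Sysmon event IDs 1, 13 and 3 from the endpoint agent.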