AhnLab Security Intelligence Center (ASEC) recently confirmed that the Andariel group carried out APT attacks on domestic companies and institutions. The targeted organizations included manufacturing companies, construction firms, and educational institutions. The attackers employed backdoors, keyloggers, infostealers, and proxy tools to control the infected systems and steal data. In this attack, malicious codes previously associated with the Andariel group were identified, such as Nestdoor, a backdoor malware. Additionally, web shells were detected. Although not identical, the proxy tool used in past Lazarus group attacks was also employed in this incident.

Click for details.