Another case detailed by the researchers took place in April 2024, when the Andariel hacking group exploited vulnerabilities in domestic VPN and server security software to distribute the remote control malware DoraRAT to construction and machinery companies. The attackers manipulated the VPN client-server communication protocol to disguise malicious update files as legitimate ones. The compromised VPN client mistakenly accepted these files, leading to the execution of DoraRAT.
“The remote control malware (DoraRAT) used in the attack was simple and lightweight, focusing on basic functions like file upload/download and command execution. It was distributed using a watering hole technique, which increased its exposure. Unlike more sophisticated APT malware, DoraRAT had minimal functionality. Additionally, a file-stealing variant was identified, capable of exfiltrating large files related to machinery and equipment design,” continues the joint advisory. “Andariel also exploited vulnerabilities in server security products, demonstrating a trend of targeting IT management software for mass infections due to their high-level access and control.”
Below are the mitigations provided by North Korean authorities: