Lazarus APT group - A quick history
Also known as HIDDEN COBRA, the Lazarus APT group is said to have surged in 2014 and 2015.
The newly spotted malware, Dacls, is supposedly the first malware the group has used to target Linux systems.
The malware details
The Dacls RAT can perform several functions including network scanning, command execution, file management, process management, and more.
Researchers at Qihoo 360 Netlab, who spotted the malware, speculate that the Lazarus APT group is exploiting the CVE-2019-3396 vulnerability to inject the Dacls malware into unpatched Confluence servers.
What can users do?
Confluence users are recommended to patch their systems as soon as possible to avoid threats from the Dacls RAT.
Apart from this, users can check whether they have already been infected by the malware. The IoCs provided by researchers can also be monitored and blocked as a precautionary measure.