2023-06-30

Andariel, also known as Silent Chollima and Stonefly, is associated with North Korea's Lab 110. The lab houses other hacking units, including APT38 and other operations tracked under the collective label Lazarus Group. Last year Andariel employed malware called EarlyRat in attacks exploiting the Log4Shell vulnerability in Log4j.

Kaspersky analyzed the group's latest attack and found that EarlyRat is distributed through phishing emails carrying malicious Microsoft Word documents. When an unsuspecting user opens the file, it prompts them to enable macros; the VBA code then runs and downloads the trojan. The malware is designed to remotely execute code and to gather system information, which it exfiltrates to remote servers. Andariel is known to conduct espionage campaigns against foreign governments and to supplement its income with cybercrime.
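One way a defender can triage an incoming Word attachment for the delivery chain described above (a VBA project in the document, an auto-execute entry point, an embedded download URL), written as an added example that is not part of Kaspersky's report or the malware itself; the sample document, the placeholder host example.invalid and the string heuristics are constructed here.

```python
"""Triage an Office Open XML (.docx/.docm) file for macro-based delivery:
a VBA project, an auto-execute trigger and a download URL in the VBA blob.
Added example; sample document below is constructed, not a real attachment."""
import io
import re
import zipfile

MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
# Entry points Word runs as soon as the user clicks "Enable Content".
AUTO_EXEC = (b"AutoOpen", b"Document_Open", b"AutoExec")
URL_RE = re.compile(rb"https?://[\w./-]+")


def triage_docx(data: bytes) -> dict:
    """Return indicators found in an OOXML document given as bytes."""
    result = {"has_vba_project": False, "macro_content_type": False,
              "auto_exec_hits": [], "urls": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if "[Content_Types].xml" in names:
            result["macro_content_type"] = MACRO_CT.encode() in zf.read("[Content_Types].xml")
        vba = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if vba:
            result["has_vba_project"] = True
            blob = zf.read(vba[0])
            # Heuristic only: real VBA source inside vbaProject.bin is MS-OVBA
            # compressed, so a raw string scan can miss names; use a proper
            # decompressor (e.g. oletools' olevba) for full coverage.
            for token in AUTO_EXEC:
                if token in blob or token.decode().encode("utf-16-le") in blob:
                    result["auto_exec_hits"].append(token.decode())
            result["urls"] = sorted({m.decode(errors="replace") for m in URL_RE.findall(blob)})
    # A macro project that both fires on open and carries a URL matches the
    # "enable macros -> VBA downloads the trojan" pattern and deserves a closer look.
    result["suspicious"] = result["has_vba_project"] and bool(result["auto_exec_hits"]) and bool(result["urls"])
    return result


def build_sample(with_macro: bool = True) -> bytes:
    """Constructed minimal document; with_macro adds a fake VBA blob that
    names an AutoOpen trigger and a placeholder stage-two URL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = MACRO_CT if with_macro else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
        zf.writestr("[Content_Types].xml", '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>' % ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00ThisDocument\x00AutoOpen\x00http://example.invalid/stage2.bin\x00")
    return buf.getvalue()
```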

