Volexity cybersecurity experts: The North Korean APT uses a fake trading website that mimics a legitimate one, together with DLL side-loading, to distribute the malware.
Chaos is a new Go-based malware for Windows and Linux. Black Lotus Labs cybersecurity experts: It propagates by exploiting known CVEs and by using brute-forced as well as stolen SSH keys. It is the evolution of Kaiji.
Chaos is a new Go-based malware, developed for both Windows and Linux, as well as a wide array of software architectures used in devices ranging from small office/home office (SOHO) routers to enterprise servers. Black Lotus Labs cybersecurity experts discovered it. The malicious code propagates by exploiting known CVEs and by using brute-forced as well as stolen SSH keys. It is the evolution of the DDoS malware Kaiji.

Once Chaos is installed on a device, it establishes persistence and beacons out to the embedded C2. The host then receives one or more staging commands: these include commands to initialize propagation by exploiting a known CVE, to propagate automatically over SSH by brute-forcing or by leveraging stolen SSH keys, and to begin IP spoofing. Based on the first set of commands, the host may receive a number of additional execution commands, including performing propagation via the designated CVE and specified target lists, further exploitation of the current target, launching a specific type of DDoS attack against a specified domain or IP and port, and performing crypto mining.