Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware
Briefly

LilacSquid, dubbed UAT-4820, targets IT, energy, and pharmaceutical sectors globally, using methods akin to North Korean APT groups like Andariel and Lazarus.
LilacSquid exploits vulnerable web applications, then deploys MeshAgent via bitsadmin to maintain access, possibly sharing tools with Lazarus. Organizations across the U.S., Europe, and Asia are affected.
Read at TechRepublic