Our experts investigated the activity of Andariel, believed to be a subgroup of the Lazarus APT group. Cybercriminals use DTrack malware and Maui ransomware to attack businesses worldwide. As it’s typical for Lazarus, the group attacks for financial gain — this time through ransom demands.

Targets of Andariel attacks

Our experts concluded that, instead of focusing on any particular industry, the Andariel group is ready to attack any company. In June, the US Cybersecurity and Infrastructure Security Agency (CISA) reported that Maui ransomware targets mainly companies and government organizations in the US healthcare sector. However, our team also detected at least one attack on a housing company in Japan, as well as several victims in India, Vietnam and Russia.