Lazarus targets nuclear-related organization with new malware | Securelist
The Lazarus group targets a nuclear-related organization with new and old malware, including MISTPEN, LPEClient, RollMid, CookieTime, and a new modular backdoor, CookiePlus. The infection chain involves a trojanized VNC utility, a downloader, a loader, and a backdoor, showcasing the group’s evolving delivery and persistence methods. CookiePlus, a new plugin-based malware, can download both DLLs and shellcode, highlighting Lazarus’s adaptability and evasion techniques.