Defense and manufacturing organizations across South Korea have been subjected to attacks deploying the new Xctdoor malware through a hacked South Korean enterprise resource planning software update server, echoing a technique previously leveraged by North Korean state-sponsored advanced persistent threat operation and Lazarus Group sub-cluster Andariel to facilitate the delivery of the HotCroissant and Riffdoor backdoors, according to The Register.
This post was originally published on the 3rd party site mentioned in the title of this this site