Lazarus Deploys RemotePE — Memory‑Only RAT Targeting Financial and Crypto Firms

Colleagues, a heads-up: Lazarus is deploying RemotePE, a memory-only RAT, against financial and cryptocurrency organizations.
Briefly:
- Fox-IT reports that RemotePE arrives through two loaders: DPAPILoader, which decrypts the next stage with DPAPI (so the payload is bound to the victim host and a sample pulled off the box is of little use on its own), and RemotePELoader, which maps and executes the RAT module in memory.
- RemotePE provides command-and-control plus file and process operations. For evasion it resolves syscall numbers with Hell's Gate (direct syscalls that sidestep user-mode API hooks) and patches ETW so in-process telemetry is never emitted.
- Initial access is targeted social engineering: contact over Telegram, followed by lures built around fake Calendly/Picktime scheduling pages. The tooling has been under development since 2023.
Why it matters: the final RAT module never touches disk, so file-based AV and hash-driven IOC sweeps miss it, and the small footprint lets the operators stay resident in high-value targets for a long time.
What are you doing to defend against such attack chains?
#cybersecurity #Lazarus #financialsecurity
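One concrete check for the ETW-patch part of that chain, added here as an illustration and not code from Fox-IT, from the RemotePE analysis or from the original post: compare the first bytes of an ETW export (ntdll!EtwEventWrite) as mapped in a process against the clean bytes from the image on disk, and classify the difference. The reference prologue and the three sample inputs below are constructed for the example and are not real ntdll bytes; the stub table lists the short-circuit patterns that in-memory tooling commonly writes over ETW exports, and `read_live_prologue` is a Windows-only helper (assumed, not from the report) that reads the current process so you can run the classifier against your own host.

```python
import ctypes
import sys
from typing import Optional

# Short-circuit stubs commonly written over ETW exports to blind user-mode
# telemetry (x64 unless noted). Constructed reference table for this example.
PATCH_SIGNATURES = [
    (bytes.fromhex("33c0c3"), "xor eax,eax; ret"),
    (bytes.fromhex("31c0c3"), "xor eax,eax; ret (alternate encoding)"),
    (bytes.fromhex("4833c0c3"), "xor rax,rax; ret"),
    (bytes.fromhex("b800000000c3"), "mov eax,0; ret"),
    (bytes.fromhex("c21400"), "ret 0x14 (x86 stdcall)"),
    (bytes.fromhex("c3"), "ret"),
]


def classify_prologue(in_memory: bytes, on_disk: Optional[bytes] = None) -> dict:
    """Classify the entry bytes of an export as mapped in a process.

    in_memory: first bytes of the function read from process memory.
    on_disk:   the same bytes taken from the clean image file (optional).
    Returns {'status': ..., 'detail': ...} with status one of
    clean / patched / redirected / modified / unknown.
    """
    if not in_memory:
        raise ValueError("empty prologue")
    if on_disk:
        n = min(len(in_memory), len(on_disk))
        if in_memory[:n] == on_disk[:n]:
            return {"status": "clean", "detail": "prologue matches on-disk image"}
    for sig, name in PATCH_SIGNATURES:
        if in_memory.startswith(sig):
            return {"status": "patched", "detail": f"short-circuit stub: {name}"}
    # jmp rel32 / jmp rel8 at entry: an inline hook or trampoline. EDR agents
    # place these legitimately, so resolve the target before calling it malicious.
    if in_memory[0] in (0xE9, 0xEB):
        return {"status": "redirected", "detail": "jmp at entry (inline hook; resolve target)"}
    if on_disk is None:
        return {"status": "unknown", "detail": "no reference bytes and no known stub"}
    return {"status": "modified", "detail": "differs from on-disk image; unrecognised bytes"}


def read_live_prologue(module: str, export: str, length: int = 8) -> bytes:
    """Windows only (assumed helper): read an export's first bytes in this process.
    A real scanner would use ReadProcessMemory against other processes instead."""
    if sys.platform != "win32":
        raise OSError("live read needs Windows")
    kernel32 = ctypes.windll.kernel32
    kernel32.GetModuleHandleW.argtypes = [ctypes.c_wchar_p]
    kernel32.GetModuleHandleW.restype = ctypes.c_void_p
    kernel32.GetProcAddress.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
    kernel32.GetProcAddress.restype = ctypes.c_void_p
    addr = kernel32.GetProcAddress(kernel32.GetModuleHandleW(module), export.encode())
    if not addr:
        raise OSError(f"{module}!{export} not found")
    return ctypes.string_at(addr, length)


# Constructed sample inputs for offline use; not real ntdll bytes.
CLEAN_REFERENCE = bytes.fromhex("4883ec48488b0d")
SAMPLES = {
    "untouched": CLEAN_REFERENCE,
    "patched": bytes.fromhex("33c0c3") + CLEAN_REFERENCE[3:],
    "hooked": bytes.fromhex("e910203040") + CLEAN_REFERENCE[5:],
}


def run_samples() -> dict:
    """Classify every constructed sample against the clean reference."""
    return {name: classify_prologue(b, CLEAN_REFERENCE)["status"] for name, b in SAMPLES.items()}


if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name:10s} -> {status}")
    if sys.platform == "win32":
        live = read_live_prologue("ntdll.dll", "EtwEventWrite")
        print("live EtwEventWrite:", live.hex(), classify_prologue(live))
```

Two caveats when you turn this into a real check: a "redirected" result is normal on hosts with an EDR that inline-hooks ntdll, so only the jump target tells you whether it is yours; and a Hell's Gate style direct syscall never passes through the hooked export at all, so this memory-integrity check catches the ETW blinding but not the syscall evasion. For that part you need kernel-side telemetry (ETW-TI, callbacks) or a stack walk that confirms the syscall instruction lives inside ntdll.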
