The Andariel APT group targeted South Korean companies with keyloggers, infostealers, & proxy tools, deploying Nestdoor backdoors and web shells, alongside a Lazarus group-linked proxy tool; malware like Nestdoor allow remote control, and attackers disguised malware as 'OpenVPN Installer.exe'; in addition, Dora RAT and a file stealer were used for keylogging, clipboard logging, and file theft, demonstrating a high level of coordination and persistence; Lazarus Group's proxy tools have been consistently utilized since 2014, including a proxy similar to Kaspersky's ThreadNeedle. ```
https://cybersecuritynews.com/apt-attacks-manufacturers-tools/