APT and financial attacks on industrial organizations in H1 2023

2023-09-25 Kaspersky

https://ics-cert.kaspersky.com/publications/reports/2023/09/25/apt-and-financial-attacks-on-industrial-organizations-in-h1-2023

Kaspersky researchers have revisited an Andariel campaign from 2022, expanding on the commands the attackers used to deploy DTrack and the accompanying post-exploitation tools and malware.

Korean-speaking activity

Kaspersky researchers observed a Lazarus campaign, active until January 2023, leveraging a backdoored UltraVNC client to deliver an updated BLINDINCAN payload. In early September 2022, the Kaspersky team discovered several malware detections from the MATA cluster, previously attributed to the Lazarus group, targeting defense contractors in Eastern Europe. Backdooring prominent open-source programs is one of the means that the Lazarus group has been using to deliver its malware.
