Confronting Lazarus Group - MagicRAT and TigerRAT Campaign
2024-04-04 • Attack IQ
Moreover, the RAT’s command-and-control (C2) infrastructure serves as a conduit for hosting newer variants of known Lazarus implants, such as TigerRAT. In September 2022, cybersecurity researchers at Cisco Talos made a significant discovery: a new Remote Access Trojan (RAT) dubbed “MagicRAT.” This malicious tool, attributed with moderate confidence to the Lazarus Group, a state-sponsored Advanced Persistent Threat (APT) associated with North Korea by the U.S. Lazarus leveraged these vulnerabilities as entry points to compromise targeted systems. Connections between MagicRAT and another RAT known as TigerRAT, previously disclosed and attributed to Lazarus by the Korean Internet & Security Agency (KISA), further underscore the group’s relentless pursuit of innovation and adaptation.