Lazarus Group Expands Malware Arsenal with New RAT Families

  • Post category: Advisories
  • Post last modified: September 10, 2025

The Lazarus Group, a North Korea–linked advanced persistent threat (APT), has introduced three new malware families — PondRAT, ThemeForestRAT, and RemotePE — into its operational toolkit.

The emergence of these tools underscores a broader strategic shift by Lazarus: leveraging enhanced persistence, accelerated lateral movement, and a heightened focus on espionage to reinforce its operational advantage. By actively developing techniques that bypass traditional endpoint defences, the group is extending dwell time within high-value environments such as financial institutions, defence contractors, and critical infrastructure operators. This evolution demonstrates Lazarus’s capacity to outpace conventional detection models and adapt rapidly to advancing security controls.

This advisory details the technical capabilities of these malware families, outlines their strategic implications, and provides actionable recommendations for security leaders to strengthen their defensive posture.

Download the Full Report from our Blogs page