APT / THREAT GROUP
CRAT
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
According to Cisco Talos, CRAT is a remote access trojan with plugin capabilities, used by Lazarus since at least May 2020.
Threat Analysis
CRAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning CRAT
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
The Hacker News · Jul 1, 2026
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Securelist (Kaspersky) · Jul 1, 2026
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Infosecurity Magazine · Jun 11, 2026
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News · May 25, 2026
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
The Hacker News · Apr 6, 2026
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
The Hacker News · Apr 5, 2026
The democratisation of business email compromise fraud
Cisco Talos Blog · Apr 2, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
win.crat, CRAT
External Intelligence
Malpedia: win.crat
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.