Lazarus Group Exploits Log4j Bug with New RAT Malware

The Lazarus hacking group, believed to be based in North Korea, is exploiting the Log4j vulnerability (Log4Shell) to deploy new malware: two remote access trojans (RATs) named NineRAT and DLRAT, and a malware downloader called BottomLoader. The tools are written in the D programming language (DLang), an unusual choice that was likely made to evade detection. The campaign, dubbed "Operation Blacksmith," began in March 2023 and targets manufacturing, agricultural, and physical security companies globally. Lazarus' tactics and tools continue to evolve, demonstrating the group's adaptability. The malware uses Telegram for command and control communication and supports a range of commands for information gathering, file exfiltration, and system manipulation. Cisco Talos researchers suspect that Lazarus may share the collected data with other advanced persistent threat (APT) groups.
- Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (BleepingComputer)
- Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (The Hacker News)
- Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware (The Register)
- North Korean hacking ops continue to exploit Log4Shell (CyberScoop)
- North Korean Hackers Developing Malware in Dlang Programming Language (SecurityWeek)