Lazarus Group Exploits Log4j Vulnerabilities for Remote Access
Originally Published 2 years ago — by The Hacker News
The Lazarus Group, a North Korea-linked threat actor, has launched a global campaign exploiting security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. The campaign, known as Operation Blacksmith, involves the use of DLang-based malware families, including a RAT called NineRAT that utilizes Telegram for command-and-control. The Lazarus Group's tactics overlap with the sub-group Andariel, which is responsible for initial access and espionage activities. The attacks target various sectors, including manufacturing, agriculture, and physical security. The group takes advantage of the widespread use of vulnerable versions of Log4j and employs multiple tools for persistent access.