Beware of newly uncovered malware campaigns linked to North Korea’s notorious Lazarus hacking group.
Cisco Talos researchers found Lazarus exploiting the Log4Shell vulnerability using some previously unknown remote access trojans (RATs). They’re calling it Operation Blacksmith.
The malware uses an uncommon programming language called DLang, likely to fly under the radar. Clever but sinister!
There’s two RATs – NineRAT and DLRAT. NineRAT uses Telegram for command and control. DLRAT is a downloader called BottomLoader.
NineRAT first appeared in May 2022 and was used against an agricultural org in South America. DLRAT hit a European manufacturer in September.
Lazarus has been active since around 2010, targeting government, military, finance, healthcare and more. Goals include espionage, theft, and supporting North Korean objectives.
This campaign continues to target victims who haven’t patched Log4Shell on Internet-facing systems. A reminder to urgently apply security updates!
Kudos to Talos for unmasking the operation. But it highlights how sophisticated hackers like Lazarus quickly leverage new vulnerabilities.
Constant vigilance is key, especially with crafty groups like this. Log4Shell may be old news, but dangers linger without patching.