Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

11-Dec-23

The Lazarus Group, the well-known threat actor linked to North Korea, has been tied to a new worldwide campaign in which targets are compromised and previously undocumented remote access trojans (RATs) are deployed through opportunistic exploitation of security flaws in Log4j.

Cisco Talos is tracking the activity under the name Operation Blacksmith and has identified three DLang-based malware families: NineRAT, a RAT that uses Telegram for command-and-control (C2); a downloader called BottomLoader; and DLRAT.

The cybersecurity company described the adversary's latest tactics as a definitive shift and noted that they overlap with activity attributed to the group known as Andariel (also tracked as Onyx Sleet or Silent Chollima), a subgroup within the Lazarus umbrella.