Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The Lazarus Group, a renowned threat actor associated with North Korea, has been connected to a recent worldwide campaign in which compromised sites are targeted and previously unreported remote access trojans (RATs) are installed through opportunistic exploiting of security weaknesses in Log4j.

Under the guise of Operation Blacksmith, Cisco Talos is monitoring the activity and has identified three kinds of DLang-based malware: DLRAT, a downloader known as BottomLoader, and NineRAT, a RAT that uses Telegram for command-and-control (C2).

The cybersecurity company highlighted the adversary’s most recent methods as a clear change and noted that they coincide with the organization known as Andariel, also known as Onyx Sleet or Silent Chollima, which is a subgroup within the Lazarus umbrella.

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

11-Dec-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address