Researchers warn Lazarus threat actors still exploit known Log4j vulnerability to infect devices with new DLang malware strains.
The new campaign, dubbed Operation Blacksmith, became active on March 23.
Hackers target manufacturing, agricultural, and physical security companies that failed to apply existing patches against the Log4Shell vulnerability.
Researchers revealed Lazarus used two new remote access trojans named NineRAT and DLRAT for their recent attacks.
The attackers also used BottomLoader, which is a malware downloader.
NineRAT. Lazarus' first novel RAT uses the Telegram API for command and control communications.
DLRAT. The second Lazarus RAT works as both a trojan and a downloader.
It further enhances Lazarus's capabilities for data exfiltration and system control.
The Log4Shell vulnerability, tracked as CVE-2021-44228, is a critical security flaw in Apache Log4j, a widely used logging utility in Java applications.
Although patches have been available since 2021, the Log4j vulnerability is still a threat to companies.
Patching IT systems running numerous applications that use different versions of Log4j is challenging.
For companies that use third-party applications that incorporate Log4j, the job is even harder.
They must rely on these third-party vendors to release patches.
Older systems that are still in use are not always compatible with the updated, patched versions of Log4j.
Updating these systems could lead to breaking critical functionalities.
Smaller companies, or those with limited IT security resources, don't have the capacity or expertise to quickly identify and mitigate the vulnerability.
Some might still not acknowledge how seriously this vulnerability could impact their business.
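The inventory problem described above (different Log4j versions, some buried inside third-party applications) can be made concrete with a small scanner. This is an added example, not code from the article or from the researchers: it walks nested jar/war/ear archives and reads the Maven metadata of each bundled log4j-core copy. The function names and the sample archive are constructed for illustration, and the affected range encoded in `is_affected` is the one in Apache's advisory for CVE-2021-44228.

```python
import io
import re
import zipfile

# Maven metadata path that log4j-core jars normally carry
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def is_affected(version):
    """CVE-2021-44228: 2.0-beta9 to 2.14.1, minus backports 2.3.1+ and 2.12.2+ (any 2.0 pre-release is flagged)."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))
    nums = (nums + (0, 0, 0))[:3]
    if nums[0] != 2 or nums >= (2, 15, 0):
        return False
    if nums[:2] == (2, 3) and nums >= (2, 3, 1):
        return False
    return not (nums[:2] == (2, 12) and nums >= (2, 12, 2))

def scan_archive(data, path, depth=0):
    """Return [(location, version, affected)] for each log4j-core copy, nested jars included."""
    hits = []
    if depth > 5:  # cap recursion so a crafted archive cannot nest forever
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for name in zf.namelist():
            if name == POM:
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                if m:
                    hits.append((path, m.group(1).strip(), is_affected(m.group(1).strip())))
            elif name.lower().endswith(ARCHIVES):
                hits += scan_archive(zf.read(name), path + "!/" + name, depth + 1)
    return hits

def make_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample():
    """Constructed sample: a vendor app bundling log4j-core 2.14.1 and a renamed 2.17.1."""
    old = make_jar({POM: "artifactId=log4j-core\nversion=2.14.1\n"})
    new = make_jar({POM: "artifactId=log4j-core\nversion=2.17.1\n"})
    return make_jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": old, "lib/renamed.jar": new})
```

A jar that was repackaged without its Maven metadata is not detected by this check, so an empty result is not proof that Log4j is absent.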
The safest and fastest way to keep all the software on all devices up to date is using an automated patch management solution.
Follow the patch management best practices to close critical vulnerabilities in your organization and keep safe from Log4j exploits.
This Cyber News was published on heimdalsecurity.com. Publication date: Thu, 14 Dec 2023 14:43:05 +0000