Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
2023-12-11 21:25

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.

The new malware consists of two remote access trojans, NineRAT and DLRAT, and a malware downloader named BottomLoader.

The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade detection.

Following the compromise, Lazarus sets up a proxy tool for persistent access on the breached server, runs reconnaissance commands, creates new admin accounts, and deploys credential-stealing tools such as ProcDump and Mimikatz.


News URL

https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-new-rat-malware-using-2-year-old-log4j-bug/

Related Vulnerability

Date: 2021-12-10
CVE: CVE-2021-44228
Vulnerability title: Deserialization of Untrusted Data vulnerability in multiple products
Risk: 10.0
Description: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints.
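Added example, not code from the article or the aggregator: a Python check that turns the affected range quoted above (2.0-beta9 through 2.15.0, minus the three security releases) into a version test, plus a small helper that reads the version out of a jar's MANIFEST.MF text. The manifest content and the version list are constructed samples.

```python
import re

# Affected range as stated in the CVE-2021-44228 description on this page:
# Apache Log4j2 2.0-beta9 through 2.15.0, excluding 2.12.2, 2.12.3 and 2.3.1.
RANGE_START = "2.0-beta9"
RANGE_END = "2.15.0"
SECURITY_RELEASES = {"2.12.2", "2.12.3", "2.3.1"}

_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}


def parse_version(version: str):
    """Turn a Log4j version string into a comparable tuple.

    Pre-release tags (alpha/beta/rc) sort before the final release of the
    same number, so 2.0-beta9 < 2.0-rc1 < 2.0 < 2.0.1.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d*))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    if m.group(4):
        pre = (_PRE_RANK[m.group(4)], int(m.group(5) or 0))
    else:
        pre = (len(_PRE_RANK), 0)  # final releases rank above any pre-release
    return (major, minor, patch, pre)


def is_affected(version: str) -> bool:
    """True if the version is inside the vulnerable range and not a patched security release."""
    if version.strip() in SECURITY_RELEASES:
        return False
    v = parse_version(version)
    return parse_version(RANGE_START) <= v <= parse_version(RANGE_END)


def version_from_manifest(manifest_text: str):
    """Pull Implementation-Version out of a jar's META-INF/MANIFEST.MF contents."""
    for line in manifest_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Implementation-Version":
            return value.strip()
    return None


# Constructed sample manifest, not taken from a real jar.
SAMPLE_MANIFEST = "Manifest-Version: 1.0\nImplementation-Title: Apache Log4j Core\nImplementation-Version: 2.14.1\n"

if __name__ == "__main__":
    for v in ["2.0-beta8", "2.0-beta9", "2.12.2", "2.14.1", "2.15.0", "2.16.0"]:
        print(v, "affected" if is_affected(v) else "not affected")
    print("manifest version:", version_from_manifest(SAMPLE_MANIFEST))
```

Note that 2.15.0 is still inside the affected range as the CVE text defines it, so a scan that only checks for "2.15 or later" would miss it.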