Security News > 2023 > December > Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.
The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader.
The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade detection.
Following the compromise, Lazarus sets up a proxy tool for persistent access on the breached server, runs reconnaissance commands, creates new admin accounts, and deploys credential-stealing tools like ProcDump and MimiKatz.
Microsoft: Lazarus hackers breach CyberLink in supply chain attack.
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware.
News URL
Related news
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple critical | 10.0 |