Security News > 2023 > December > Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.
The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader.
The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade detection.
Following the compromise, Lazarus sets up a proxy tool for persistent access on the breached server, runs reconnaissance commands, creates new admin accounts, and deploys credential-stealing tools like ProcDump and MimiKatz.
Microsoft: Lazarus hackers breach CyberLink in supply chain attack.
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical | 10.0 |