Lazarus hackers are using Log4j to hack US energy companies

By Scott Marlette Last updated Sep 9, 2022

Energy providers from around the world, including the United States, Canada, and Japan, have reportedly been targeted by state-sponsored North Korean hacker group Lazarus, also known as APT38.

According to Cisco’s Talos Intelligence group (opens in new tab), the campaign intends to infiltrate organizations around the world in the interests of establishing long-term access and subsequently exfiltrating data of interest to the nation-state.

Although the precise targets have remained unnamed, the attacks once again show the threat that North Korea and Lazarus can pose via destabilization efforts.

How did the attack work?

According to Talos, this campaign involved the exploitation of vulnerabilities in the VMWare Horizon virtual desktop product to gain an initial foothold in targeted organizations.

After gaining successful entry into the targeted enterprise networks, the group then deployed custom malware implants including the HTML bots VSingle and YamaBot.

In addition to these known malware families, they also claimed to discover the use of a previously unknown malware implant called “MagicRAT.”

Inital entry in the organizations was reportedly made using Log4Shell (CVE-2021-44228), a zero-day vulnerability in Log4j, a popular Java logging framework, which involves arbitrary code execution.

Cybersecurity company Tenable has previously dubbed Log4Shell “the single biggest, most critical vulnerability ever”.

This wouldn’t be the first time North Korea has been implicated in attacks on foreign powers; security researchers at Kaspersky Lab have linked North Korea to the Wannacry ransomware attack which disable 300,000 computers in 150 countries and caused the UK’s NHS unprecedented issues.

Since it was founded in 2010, the Lazarus group has certainly been keeping busy if nothing else. Lately, it’s been turning its attention towards the world of blockchains and DeFi.

Lazarus was linked to an attack on the Ronin sidechain worth $615 million, which powers the popular blockchain-integrated game Axie Infinity, which is known as one of the largest DefI hacks to date.

Scared of hackers infiltrating your organization? Check out our guide to the best endpoint protection.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.