Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in ‘D’
Dark Reading – Nate Nelson
The key points are:
– North Korean threat group Lazarus is still exploiting Log4Shell to gain initial access more than two years after its disclosure, because the vulnerability's reach was so wide.
– Its Andariel subgroup has used Log4Shell to deploy new custom RAT malware written in the D programming language against targets in South America, Europe and South Korea.
– The new tooling observed includes NineRAT, DLRAT and BottomLoader, used for C2 communications, downloading additional malware and executing commands.
– Writing custom malware in obscure languages like D helps evade detection since defenses are less likely to be trained for such tools.
– Lazarus stands out for its prolific development of bespoke malware instead of relying solely on living-off-the-land techniques.
– Their novel malware requires extra vigilance since it can circumvent some protections focused on common languages and signatures.
– Log4Shell remains a risk as many systems may still have vulnerable dependencies two years later.
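The last point is the one a defender can act on directly: find the log4j-core copies still sitting in application trees. The following is an added example, not code from the Dark Reading article or from Cisco Talos; it recognises a log4j-core JAR by its manifest `Implementation-Title` or file name, reads the `Implementation-Version`, checks whether the `JndiLookup` class (the lookup Log4Shell abuses) is still present, and flags anything below a defender-chosen floor. The floor `MIN_SAFE_VERSION`, the helper names and the sample JARs built by `demo()` are all assumptions constructed for the example.

```python
"""Find log4j-core JARs under a directory and flag ones still exposed to Log4Shell.

Added example (not code from the article). Assumptions: a log4j-core JAR is
recognised by its manifest Implementation-Title or its file name, and the
defender treats anything below MIN_SAFE_VERSION as needing an upgrade.
"""
import re
import tempfile
import zipfile
from pathlib import Path

# Assumption: the version floor the defender has chosen for this environment.
MIN_SAFE_VERSION = (2, 17, 1)
# Class implementing the JNDI lookup abused by Log4Shell; its absence
# indicates the "remove the class" mitigation was applied to the JAR.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparseable -> None."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def read_manifest(zf):
    """Parse META-INF/MANIFEST.MF main attributes (continuation lines start with a space)."""
    try:
        raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return {}
    attrs, last = {}, None
    for line in raw.splitlines():
        if line.startswith(" ") and last:
            attrs[last] += line[1:]
        elif ":" in line:
            key, value = line.split(":", 1)
            last = key.strip()
            attrs[last] = value.strip()
    return attrs


def inspect_jar(path):
    """Return a finding dict for a log4j-core JAR, or None for any other JAR."""
    path = Path(path)
    with zipfile.ZipFile(path) as zf:
        attrs = read_manifest(zf)
        title = attrs.get("Implementation-Title", "")
        if "Log4j Core" not in title and not path.name.startswith("log4j-core-"):
            return None
        version_text = attrs.get("Implementation-Version")
        if version_text is None:  # fall back to the version embedded in the file name
            m = re.search(r"log4j-core-(.+)\.jar$", path.name)
            version_text = m.group(1) if m else ""
        version = parse_version(version_text)
        has_jndi = JNDI_LOOKUP_CLASS in zf.namelist()
    # An unknown version with the lookup class still present is treated as vulnerable.
    vulnerable = has_jndi and (version is None or version < MIN_SAFE_VERSION)
    return {"path": str(path), "version": version_text,
            "has_jndi_lookup": has_jndi, "vulnerable": vulnerable}


def scan(root):
    """Walk root recursively and collect findings for every log4j-core JAR."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        try:
            finding = inspect_jar(jar)
        except zipfile.BadZipFile:
            continue  # not a real JAR; skip rather than abort the whole scan
        if finding:
            findings.append(finding)
    return findings


def write_sample_jar(path, title, version, include_jndi):
    """Constructed sample JAR for the demo; not a real Log4j artifact."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Title: {title}\n"
                    f"Implementation-Version: {version}\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes


def demo():
    """Build a constructed sample tree, scan it, and return findings sorted by path."""
    lib = Path(tempfile.mkdtemp()) / "app" / "WEB-INF" / "lib"
    lib.mkdir(parents=True)
    write_sample_jar(lib / "log4j-core-2.14.1.jar", "Apache Log4j Core", "2.14.1", True)
    write_sample_jar(lib / "log4j-core-2.17.1.jar", "Apache Log4j Core", "2.17.1", True)
    write_sample_jar(lib / "log4j-core-2.14.1-patched.jar", "Apache Log4j Core", "2.14.1", False)
    write_sample_jar(lib / "commons-lang3-3.12.0.jar", "Apache Commons Lang", "3.12.0", False)
    return sorted(scan(lib.parents[2]), key=lambda f: f["path"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against a real application directory with `scan("/path/to/app")`; the manifest check matters because vendors often shade or rename JARs, so a file-name match alone misses copies. Nested JARs inside WARs or fat JARs are not unpacked here and would need a second pass.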
In summary, the article discusses Lazarus’ ongoing exploitation of Log4Shell to deploy new D-language RATs as part of its evasive malware development practices.
Link: https://www.darkreading.com/threat-intelligence/lazarus-group-still-juicing-log4shell-rats-written-d