Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware
The Register – Connor Jones
The key points are:
– Researchers uncovered novel DLang malware used by Lazarus Group in Log4Shell attacks spanning industries worldwide.
– Three strains were identified – NineRAT, BottomLoader, and DLRAT – with NineRAT using Telegram for C2\)
– The attacks form part of “Operation Blacksmith” targeting vulnerabilities like Log4j and are attributed to Lazarus subgroup Andariel.
– NineRAT was first built in May 2022 but only used from March-October 2023, sharing TTPs with prior attacks.
– Moving to memory-safe languages like DLang and Rust is an accelerating trend among cybercriminals.
– Rust is often the preferred choice but DLang was an uncommon selection still offering memory safety.
– While DLang has a garbage collector impacting performance, it provides faster compile times than Rust.
– Western agencies endorse memory-safe languages like Rust which is praised by developers for its performance.
In summary, the article details novel DLang malware strains uncovered in Lazarus Group’s Log4Shell attacks as part of a wider shift toward memory-safe programming languages by threat actors.
Link: https://www.theregister.com/2023/12/11/lazarus_group_edang/