North Korean hacking ops continue to exploit Log4Shell



Two years after the Log4j vulnerability was revealed, North Korean hackers are continuing to use the flaw in a ubiquitous piece of open source software to carry out attacks as part of a hacking campaign targeting manufacturing, agricultural and physical security entities, according to research released Monday.

Carried out over the course of 2023 and described in a report released by Cisco’s Talos Intelligence Group on Monday, the campaign employed at least three new malware families and relied, in part, on the Log4Shell exploit, highlighting the long tail of the Log4j vulnerability and how failure to patch the flaw is providing a ready tool to malicious hackers.

The campaign was the work of one of a plethora of North Korean hacking units operating under the broad Lazarus umbrella, a term industry and government researchers use to refer to the array of North Korean government hacking operations that engage in everything from cyberespionage to cryptocurrency thefts, ransomware and supply chain attacks.

The Log4j vulnerability has “been extensively exploited by the Lazarus umbrella of [advanced persistent threat] groups to deploy a multitude of malware, dual-use tools and conduct extensive hands-on-keyboard activity,” the researchers wrote.

The research is another reminder of the prolific nature of North Korean-linked cyber operations that have targeted South Korea, the U.S. and entities around the world for years. On Dec. 1, the U.S. government announced sanctions on Kimsuky, a premier North Korean cyberespionage unit that also carries out financially motivated cybercrime to both fund itself and generate money for the government.

The campaign, dubbed “Operation Blacksmith,” employed at least three new malware families written in DLang, a less common programming language. Its use continues a shift among North Korean hacking campaigns toward the use of more obscure programming languages over the past year and a half, the researchers said.

Observed between March and September of 2023, the campaign consisted of “continued opportunistic targeting of enterprises around the world that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as [Log4j],” the researchers wrote.

The operation involved a pair of remote access trojans, one of which used Telegram bots and channels for command and control, the researchers said.

The researchers found some overlap between Operation Blacksmith and attacks that Microsoft disclosed in October involving a North Korean hacking operation known as Onyx Sleet, or Andariel, that exploited a vulnerability in the JetBrains TeamCity server software first disclosed in September 2023.

A July 2022 Cybersecurity and Infrastructure Security Agency advisory flagged Andariel activity that included ransomware attacks on hospitals and health care facilities in the U.S., the Talos researchers noted.

Written by AJ Vicens

AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

