December 12, 2023 By Helga Labus
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and using novel malware written in DLang (i.e., the memory-safe D programming language).
“This campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as CVE-2021-44228. We have observed Lazarus target manufacturing, agricultural and physical security companies,” Cisco Talos researchers shared.
Log4Shell still opens doors
Log4Shell is a critical remote code execution (RCE) vulnerability in Apache Log4j, a popular and widely used Java logging library. It was discovered and privately disclosed in late November 2021 and patched on December 6, and attackers quickly started exploiting it.
Two years later, 38 percent of applications still use a vulnerable version of Log4j, according to Veracode.