Lazarus hackers are using Log4j to hack US energy companies

security
(Image credit: Shutterstock / Song_about_summer)

Energy providers from around the world, including the United States, Canada, and Japan, have reportedly been targeted by state-sponsored North Korean hacker group Lazarus, also known as APT38.

According to Cisco's Talos Intelligence group, the campaign intends to infiltrate organizations around the world in the interests of establishing long-term access and subsequently exfiltrating data of interest to the nation-state.

Although the precise targets have remained unnamed, the attacks once again show the threat that North Korea and Lazarus can pose via destabilization efforts.

How did the attack work?

According to Talos, this campaign involved the exploitation of vulnerabilities in the VMWare Horizon virtual desktop product to gain an initial foothold in targeted organizations.

After gaining successful entry into the targeted enterprise networks, the group then deployed custom malware implants including the HTML bots VSingle and YamaBot.

In addition to these known malware families, they also claimed to discover the use of a previously unknown malware implant called "MagicRAT."

Inital entry in the organizations was reportedly made using Log4Shell (CVE-2021-44228), a zero-day vulnerability in Log4j, a popular Java logging framework, which involves arbitrary code execution.

Cybersecurity company Tenable has previously dubbed Log4Shell "the single biggest, most critical vulnerability ever".

This wouldn't be the first time North Korea has been implicated in attacks on foreign powers; security researchers at Kaspersky Lab have linked North Korea to the Wannacry ransomware attack which disable 300,000 computers in 150 countries and caused the UK's NHS unprecedented issues. 

Since it was founded in 2010, the Lazarus group has certainly been keeping busy if nothing else. Lately, it's been turning its attention towards the world of blockchains and DeFi.

Lazarus was linked to an attack on the Ronin sidechain worth $615 million,  which powers the popular blockchain-integrated game Axie Infinity, which is known as one of the largest DefI hacks to date.

  • Scared of hackers infiltrating your organization? Check out our guide to the best endpoint protection.

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.

Read more
Image depicting a hand on a scanner
New Lazarus Group campaign sees North Korean hackers spreading undetectable malware through GitHub and open source packages
Hacker silhouette working on a laptop with North Korean flag on the background
North Korean Lazarus hackers are targeting nuclear workers
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
North Korean Lazarus hackers launch large-scale cyberattack by cloning open source software
North Korean flag with a hooded hacker
North Korean hackers are posing as software development recruiters to target freelancers
Hacker silhouette working on a laptop with North Korean flag on the background
North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe
A digital representation of a lock
Looking for a new job? Watch out you don't fall for this new malware scam
Latest in Security
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Code Skull
US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Latest in News
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Jason Sudeikis' Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ and Jason Sudeikis will reprise his role as the titular soccer coach
Quordle on a smartphone held in a hand
Quordle hints and answers for Saturday, March 15 (game #1146)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Saturday, March 15 (game #377)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Saturday, March 15 (game #643)
Wix automation
The world's leading website builder aims to save businesses time with new tool