Lazarus exploits Log4Shell vulnerability to deliver novel RAT malware

siteadmin December 12, 2023

North Korean group Lazarus is exploiting the Log4Shell vulnerability and deploying new DLang-based malware in a global campaign targeting vulnerable enterprises. The campaign, dubbed Operation Blacksmith by Cisco Talos, begins with exploitation of Log4Shell in VMware Horizon servers and culminates in the deployment of the custom-made proxy tool HazyLoad and the remote access trojan NineRAT. Researchers have noted that North Korean hackers have recently turned to unconventional technologies for malware creation. Lazarus is just one of several North Korean sub-groups conducting specialised cyberattacks.