Lazarus exploits Log4j flaws to deploy DLang malware

siteadmin December 12, 2023

The Lazarus APT group, linked to North Korea, has exploited Log4j vulnerabilities to deploy new remote access trojans (RATs) in a hacking campaign known as Operation Blacksmith. Cisco Talos researchers identified three new DLang-based malware families, including the RATs NineRAT and DLRAT, as well as a custom proxy tool called HazyLoad. The group targeted a South American agricultural organization and a European manufacturing entity. The same vulnerabilities were exploited by the APT group Andariel in previous attacks.