Hackers used the Log4j flaw to gain access before moving across a company’s network, say security researchers

North Korea’s hacking operation, Stonefly, used a cybersecurity flaw in Log4j to breach an engineering firm tied to military and energy organizations. The firm’s vulnerability allowed hackers to infiltrate at least 18 computers, deploying password stealers, trojan malware, and Stonefly’s custom Preft backdoor malware. Symantec researchers warn that Stonefly’s focus on sensitive data and intellectual property makes it a major cyber threat.