Hackers used the Log4j flaw to gain access before moving across a company’s network, say security researchers

A North Korean hacking group known as Stonefly, linked to the notorious Lazarus Group, exploited a cybersecurity vulnerability in Log4j to breach an engineering firm associated with energy and military organizations. The attack compromised at least 18 computers within the network. According to researchers at Symantec, Stonefly focuses on strategic sectors to gather intelligence, using custom malware for sensitive data theft. Despite warnings about patching the Log4j vulnerability, many organizations remain exposed.