Lazarus Group continues to exploit Log4j flaw in latest campaign
North Korea’s Lazarus Group, particularly its Andariel subgroup, has been exploiting the Log4j vulnerability in a worldwide campaign using three new malware strains and novel techniques such as C2 communication through Telegram bots and channels. Discovered by Cisco Talos researchers, the campaign, dubbed “Operation Blacksmith,” targeted organizations in industries such as manufacturing, agriculture, and physical security. Andariel’s role is typically focused on initial access, reconnaissance, and long-term espionage access to support North Korean government interests.