Log4j vulnerability used to attack energy companies in Canada, US and Japan

North Korean state-sponsored hackers with the Lazarus Group have been exploiting the Log4j vulnerability in a campaign targeting energy companies in the US, Canada, and Japan. They use this vulnerability to conduct long-term espionage operations and theft of intellectual property. Despite global patching efforts, cybersecurity firms report that the Log4j vulnerability persists due to its presence in obsolete versions of applications.