North Korean hackers using Log4j vulnerability in global campaign

North Korean hackers connected to the Lazarus Group have been exploiting the Log4j vulnerability in an attack campaign named “Operation Blacksmith”. The campaign targeted companies in the manufacturing, agriculture, and physical security sectors, deploying new malware families, including “NineRAT”. The hackers, part of a sub-group called Andariel, used Telegram as a command-and-control channel to evade network detection measures. The attacks exploited Log4Shell on public-facing VMware Horizon servers and created administrator accounts to gain extensive network access.