Lazarus RAT Attack (CVE-2021-44228)

Read Time:51 Second

What is the Attack?
A new attack campaign led by the Lazarus threat actor group is seen employing new DLang-based Remote Access Trojan (RAT) malware. The attack attempts to exploit the Apache Log4j2 vulnerability (CVE-2021-44228) as initial access. Once compromised, it eventually creates a command and control (C2) channel.

What is the Vendor Solution?

Apache has released relevant updates in 2021 on https://logging.apache.org/log4j/2.x/security.html. CISA has provided guidance on mitigating the vulnerability at https://www.cisa.gov/news-events/news/apache-log4j-vulnerability-guidance.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “Apache.Log4j.Error.Log.Remote.Code.Execution” (with default action is set to “block”) in place for CVE-2021-44228 and has released Antivirus signatures for the RAT malware related to the Lazarus campaign.

FortiGuard Labs recommends companies to scan their environment, find the versions of open-source vulnerable libraries in use, and develop an upgrade plan for them and always follow best practices.

UK Government to Ban Creation of Explicit Deepfakes

CISA Claims Treasury Breach Did Not Impact Other Agencies

Supply Chain Attack Targets Key Ethereum Development Tools

New PhishWP Plugin Enables Sophisticated Payment Page Scams

Chinese Hackers Double Cyber-Attacks on Taiwan

Privacy of Photos.app’s Enhanced Visual Search

New Infostealer Campaign Uses Discord Videogame Lure

Scammers Drain $500m from Crypto Wallets in a Year

Friday Squid Blogging: Anniversary Post

Lazarus RAT Attack (CVE-2021-44228)

firefox-134.0-1.fc41

firefox-134.0-1.fc40

seamonkey-2.53.20-1.el8

seamonkey-2.53.20-1.fc40

seamonkey-2.53.20-1.fc41

USN-7187-1: Linux kernel (OEM) vulnerabilities