Lazarus RAT Attack (CVE-2021-44228)

Read Time:51 Second

What is the Attack?
A new attack campaign led by the Lazarus threat actor group is seen employing new DLang-based Remote Access Trojan (RAT) malware. The attack attempts to exploit the Apache Log4j2 vulnerability (CVE-2021-44228) as initial access. Once compromised, it eventually creates a command and control (C2) channel.

What is the Vendor Solution?

Apache has released relevant updates in 2021 on https://logging.apache.org/log4j/2.x/security.html. CISA has provided guidance on mitigating the vulnerability at https://www.cisa.gov/news-events/news/apache-log4j-vulnerability-guidance.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “Apache.Log4j.Error.Log.Remote.Code.Execution” (with default action is set to “block”) in place for CVE-2021-44228 and has released Antivirus signatures for the RAT malware related to the Lazarus campaign.

FortiGuard Labs recommends companies to scan their environment, find the versions of open-source vulnerable libraries in use, and develop an upgrade plan for them and always follow best practices.

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet

Lazarus RAT Attack (CVE-2021-44228)

ZDI-CAN-25373: Microsoft

DSA-5774-1 ruby-saml – security update

USN-6968-2: PostgreSQL vulnerability

USN-7015-2: Python vulnerabilities

USN-7027-1: Emacs vulnerabilities

USN-7024-1: tgt vulnerability