1. Lazarus Group, a North Korean hacking organization, is known for cyber espionage, financial theft, and destructive attacks. They have been involved in high-profile incidents such as the Sony Pictures hack and the WannaCry ransomware outbreak.

2. Cisco Talos researchers discovered Lazarus Group's "Operation Blacksmith," which uses new DLang-based malware to attack global organizations.

3. The operation exploits the Log4Shell vulnerability for initial access and uses Telegram for command-and-control communication.

4. Three malware families were discovered: the Telegram-based RAT "NineRAT," the non-Telegram RAT "DLRAT," and the downloader "BottomLoader."

5. NineRAT operates through Telegram for command and control and has persistence mechanisms.

6. Andariel, active since 2022, uses Telegram for communication and handles file upload/download.

7. BottomLoader is a downloader that fetches payloads via a PowerShell command and establishes persistence.

8. DLRAT is a downloader and RAT that executes commands, performs reconnaissance, and communicates with C2 using a session ID.

9. The attack exploits the Log4Shell vulnerability on VMware Horizon servers for initial access.

10. The published IoCs include file hashes and network indicators.

Hashtags: #CyberSecurity #CyberSecurityNews #Ransomware #Vulnerability

https://cybersecuritynews.com/lazarus-groups-operation-blacksmith/
