Lazarus RAT Attack (CVE-2021-44228)

What is the Attack?
A new attack campaign led by the Lazarus threat actor group is seen employing new DLang-based Remote Access Trojan (RAT) malware. The attack attempts to exploit the Apache Log4j2 vulnerability (CVE-2021-44228) as initial access. Once compromised, it eventually creates a command and control (C2) channel.

What is the Vendor Solution?


Apache has released relevant updates in 2021 on https://logging.apache.org/log4j/2.x/security.html. CISA has provided guidance on mitigating the vulnerability at https://www.cisa.gov/news-events/news/apache-log4j-vulnerability-guidance.

What FortiGuard Coverage is available?

FortiGuard Labs …

access actor apache apache log4j2 attack campaign channel command command and control compromised control cve cve-2021-44228 dlang exploit initial access lazarus led log4j2 malware rat remote access remote access trojan solution threat threat actor trojan vendor vulnerability what is