Lazarus's NukeSped Backdoor and Log4Shell
Industry: N/A | Level: Tactical | Source: ASEC
The ASEC analysis team, while tracking the North Korean threat group Lazarus, has identified the distribution of the NukeSped backdoor malware through exploitation of the Log4Shell vulnerability, CVE-2021-44228. NukeSped is written in C++ and has been used by the group since 2020; it executes commands received from the attacker's command and control server. The malware has also been shown to be capable of keylogging, capturing screenshots and files, and deploying an information stealer. Data collected by the infostealer includes credentials, emails, and files.
Anvilogic Use Case:
- Potential CVE-2021-44228 - Log4Shell