Lazarus Cyber Group Deploys DLang Malware Strains

Connor Jones reports via The Register: DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same type of language that cyber criminals are switching to. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, Cisco Talos revealed today. The attacks form part of what's being called 'Operation Blacksmith' and are attributed to a group tracked as Andariel, believed to be a sub-division of the Lazarus Group -- North Korea's state-sponsored offensive cyber unit.

The researchers noted that DLang is an uncommon choice for writing malware, but a shift towards newer languages and frameworks is one that's been accelerating over the last few years -- in malware coding as in the larger programming world. Rust, however, has often shown itself to be the preferred choice out of what is a fairly broad selection of languages deemed to be memory-safe. AlphV/BlackCat was the first ransomware group to make such a shift last year, re-writing its payload in Rust to offer its affiliates a more reliable tool. A month later, the now-shuttered Hive group did the same thing, and many others followed after that. Other groups to snub Rust include China-based Sandman which was recently observed using Lua-based malware, believed to be part of a wider shift toward Lua development from Chinese attackers.

Read more of this story at Slashdot.