The Lazarus hackers are generally in pursuit of profit. But in this case, the main interest appears to be cyber espionage. A report indicates that the group is targeting the Log4j vulnerability in energy companies.
The Cyber Safety Review Board finds that the open source community is "under-equipped" to fully deal with the Log4j vulnerability and that it will be making appearances in the wild for "a decade or more."
Log4j usage is widespread, with billions of Java-enabled systems out there, and the vulnerability is trivially easy to exploit. Here are key strategies to better protect your organization in both the short and long term.
While it might be tempting to view a major vulnerability as an indication of open source somehow being deficient, the reality is far from that. Open source software is neither more nor less secure than commercial software, and most commercial software either includes or runs on open source technologies.