Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation

2021-12-11 Microsoft

https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

Microsoft observed broad exploitation of Apache Log4j 2 vulnerabilities, including mass scanning, coin mining, remote shells, Cobalt Strike deployment, credential theft, lateral movement, data exfiltration, and ransomware payloads. In the nation-state section, Microsoft stated that multiple tracked groups from China, Iran, North Korea, and Turkey were testing or implementing Log4Shell, with activity ranging from experimentation to in-the-wild payload deployment and exploitation against targets. The report does not name a specific North Korean actor or payload in the excerpt, so the DPRK-relevant finding is limited to North Korea-origin activity adopting the vulnerability. The broader defensive significance is that Log4Shell quickly became a shared access vector for both commodity and state-linked operators, so defenders need both patching and hunting for post-exploitation activity on vulnerable systems.

Indicators of Compromise

Type    Value                              First Seen   Last Seen
HASH    4fbc673742b9ca51a9721c682f404c41   2021-12-11   2021-12-11
DOMAIN  w2zmii7kjb81pfj0ped16kg8szyvmk.…   2021-12-11   2021-12-11
DOMAIN  service.trendmrcio.com             2021-12-11   2021-12-11
DOMAIN  canarytokens.org                   2021-12-11   2021-12-11
DOMAIN  api.rogerscorp.org                 2021-12-11   2021-12-11
IPv4    139.180.217.203                    2021-12-11   2021-12-11