News

Chinese APTs are interested in Log4Shell vulnerability

Photo of Daniel Zimmermann Daniel ZimmermannDecember 15, 2021
0 98 1 minute read

Experts have already documented attempts to exploit the Log4Shell vulnerability by Chinese APTs to deliver ransomware and RATs.

The vulnerability in the Log4j logging utility from the Apache Software Foundation (CVE-2021-44228), discovered by the Chinese researcher p0rz9, has already begun to be exploited by Chinese cybercriminals.

A remote code execution vulnerability called Log4Shell scored a maximum 10 on the CVSSv3 scale because it can be exploited remotely without requiring any special technical skills. A critical hazard is the ubiquity of Log4j in nearly all major enterprise Java-based applications and servers.

The issue affects versions of log4j between 2.0-beta-9 and 2.14.1. The vulnerability was absent in version log4j 1 and was fixed in version 2.15.0.

As previously reported by Netlab 360 experts, through Log4Shell, hackers infect vulnerable Linux devices with malware for mining cryptocurrencies and carrying out DDoS attacks.

According to information security company Check Point, about 40% of corporate networks around the world have already been attacked by cybercriminals in an attempt to exploit Log4Shell. Well-known cybercriminal groups are behind 46% of attempts to exploit vulnerabilities in Check Point customers’ networks.

Although no large-scale exploitation incidents have been reported yet, experts fear that attacks are evolving. According to their forecasts, hackers will not be limited only to botnets and cryptominers, but will begin to deploy ransomware or other destructive software on vulnerable networks, which is can cause the “second Colonial Pipeline”.

We expect to see this vulnerability in every organization’s supply chain.said Chris Evans, senior director of information security for HackerOne.
Chris Evans
Chris Evans

It seems that the researchers’ predictions have already begun to come true. Although most devices attacked via Log4Shell are running Linux, Bitdefender also documented attempts by hackers to use the vulnerability to deliver Khonsari ransomware to Windows systems and download the Orcus Remote Access Trojan (RAT).

According to Juan Andres Guerrero-Saade, senior researcher at the information security company SentinelOne, he and his colleagues are already recording attempts by Chinese cybercriminal groups to exploit Log4Shell.

Moreover, as Mandiant and Crowdstrike experts note, highly qualified hacker groups have already armed themselves with the vulnerability. Mandiant has described these groups as “working for the Chinese government.”

Let me remind you that we also wrote that Three Chinese APT Groups Attack Major Telecommunications Companies.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannDecember 15, 2021
0 98 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Xiaomi M365 scooters can be hacked and managed remotely

February 13, 2019
XcodeGhost infected iOS devices

XcodeGhost malware infected 128 million iOS devices

May 12, 2021
White House risk hacking

US White House puts itself at risk of hacking

October 25, 2019
Information on a million of South Korean bank cards put up for sale on darknet

Information on a million of South Korean bank cards put up for sale on darknet

August 6, 2019

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button