Chinese APTs are interested in Log4Shell vulnerability

Experts have already documented attempts to exploit the Log4Shell vulnerability by Chinese APTs to deliver ransomware and RATs.

The vulnerability in the Log4j logging utility from the Apache Software Foundation (CVE-2021-44228), discovered by the Chinese researcher p0rz9, has already begun to be exploited by Chinese cybercriminals.

A remote code execution vulnerability called Log4Shell scored a maximum 10 on the CVSSv3 scale because it can be exploited remotely without requiring any special technical skills. A critical hazard is the ubiquity of Log4j in nearly all major enterprise Java-based applications and servers.

The issue affects versions of log4j between 2.0-beta-9 and 2.14.1. The vulnerability was absent in version log4j 1 and was fixed in version 2.15.0.

As previously reported by Netlab 360 experts, through Log4Shell, hackers infect vulnerable Linux devices with malware for mining cryptocurrencies and carrying out DDoS attacks.

According to information security company Check Point, about 40% of corporate networks around the world have already been attacked by cybercriminals in an attempt to exploit Log4Shell. Well-known cybercriminal groups are behind 46% of attempts to exploit vulnerabilities in Check Point customers’ networks.

Although no large-scale exploitation incidents have been reported yet, experts fear that attacks are evolving. According to their forecasts, hackers will not be limited only to botnets and cryptominers, but will begin to deploy ransomware or other destructive software on vulnerable networks, which is can cause the “second Colonial Pipeline”.

It seems that the researchers’ predictions have already begun to come true. Although most devices attacked via Log4Shell are running Linux, Bitdefender also documented attempts by hackers to use the vulnerability to deliver Khonsari ransomware to Windows systems and download the Orcus Remote Access Trojan (RAT).

According to Juan Andres Guerrero-Saade, senior researcher at the information security company SentinelOne, he and his colleagues are already recording attempts by Chinese cybercriminal groups to exploit Log4Shell.

Let me remind you that we also wrote that Three Chinese APT Groups Attack Major Telecommunications Companies.