News

Chinese APTs are interested in Log4Shell vulnerability

Experts have already documented attempts to exploit the Log4Shell vulnerability by Chinese APTs to deliver ransomware and RATs.

The vulnerability in the Log4j logging utility from the Apache Software Foundation (CVE-2021-44228), discovered by the Chinese researcher p0rz9, has already begun to be exploited by Chinese cybercriminals.

A remote code execution vulnerability called Log4Shell scored a maximum 10 on the CVSSv3 scale because it can be exploited remotely without requiring any special technical skills. A critical hazard is the ubiquity of Log4j in nearly all major enterprise Java-based applications and servers.

The issue affects versions of log4j between 2.0-beta-9 and 2.14.1. The vulnerability was absent in version log4j 1 and was fixed in version 2.15.0.

As previously reported by Netlab 360 experts, through Log4Shell, hackers infect vulnerable Linux devices with malware for mining cryptocurrencies and carrying out DDoS attacks.

According to information security company Check Point, about 40% of corporate networks around the world have already been attacked by cybercriminals in an attempt to exploit Log4Shell. Well-known cybercriminal groups are behind 46% of attempts to exploit vulnerabilities in Check Point customers’ networks.

Although no large-scale exploitation incidents have been reported yet, experts fear that attacks are evolving. According to their forecasts, hackers will not be limited only to botnets and cryptominers, but will begin to deploy ransomware or other destructive software on vulnerable networks, which is can cause the “second Colonial Pipeline”.

We expect to see this vulnerability in every organization’s supply chain.said Chris Evans, senior director of information security for HackerOne.
Chris Evans

It seems that the researchers’ predictions have already begun to come true. Although most devices attacked via Log4Shell are running Linux, Bitdefender also documented attempts by hackers to use the vulnerability to deliver Khonsari ransomware to Windows systems and download the Orcus Remote Access Trojan (RAT).

According to Juan Andres Guerrero-Saade, senior researcher at the information security company SentinelOne, he and his colleagues are already recording attempts by Chinese cybercriminal groups to exploit Log4Shell.

Moreover, as Mandiant and Crowdstrike experts note, highly qualified hacker groups have already armed themselves with the vulnerability. Mandiant has described these groups as “working for the Chinese government.”

Let me remind you that we also wrote that Three Chinese APT Groups Attack Major Telecommunications Companies.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Streamingsafevpn pop-up ads (Virus Removal Guide)

Streamingsafevpn.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Psegeevalrat.net pop-up ads (Virus Removal Guide)

Psegeevalrat.net is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Thi-tl-310-a.buzz pop-up ads (Virus Removal Guide)

Thi-tl-310-a.buzz is a site that tries to force you into clik to its browser notifications…

2 days ago

Remove Toreffirmading pop-up ads (Virus Removal Guide)

Toreffirmading.com is a domain that tries to force you into subscribing to its browser notifications…

2 days ago

Remove News-xboveho.site pop-up ads (Virus Removal Guide)

News-xboveho.site is a domain that tries to force you into subscribing to its browser notifications…

2 days ago

Remove Glayingly pop-up ads (Virus Removal Guide)

Glayingly.com is a site that tries to trick you into subscribing to its browser notifications…

2 days ago