APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.

Cybercriminals operating under the moniker Aquatic Panda are the latest advanced persistent threat (APT) group to exploit the Log4Shell vulnerability.

Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors as they used Log4Shell exploit tools against a vulnerable VMware installation during an attack on a large undisclosed academic institution, according to research released Wednesday.

“Aquatic Panda is a China-based [APT] with a dual mission of intelligence collection and industrial espionage,” wrote Benjamin Wiley, the author of the CrowdStrike report.

Wiley said researchers uncovered the suspicious activity tied to the target’s infrastructure. “This led OverWatch to hunt for unusual child processes associated with the VMware Horizon Tomcat web server service during routine operations,” he wrote.
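The hunt Wiley describes, unusual child processes under the VMware Horizon Tomcat service, can be reduced to a simple parent/child rule over process-creation telemetry. The following is an added illustration, not CrowdStrike's or VMware's code; the Tomcat service image name, the allowlist of expected children and the sample events are all assumptions constructed for the example.

```python
"""Flag unusual child processes of a VMware Horizon Tomcat service.
Added example; field names, image names and events are assumed/constructed."""
from dataclasses import dataclass

# Parent images to watch: the Horizon Tomcat service (names assumed).
TOMCAT_PARENTS = {"ws_tomcatservice.exe", "tomcat9.exe"}
# Children a Java web server legitimately spawns here (assumed allowlist).
EXPECTED_CHILDREN = {"conhost.exe"}

@dataclass(frozen=True)
class ProcEvent:
    parent_image: str
    image: str
    command_line: str

def basename(path: str) -> str:
    """File name of a Windows or POSIX path, lowercased for comparison."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def is_suspicious(ev: ProcEvent) -> bool:
    """True when a Tomcat parent spawns a child outside the allowlist."""
    return (basename(ev.parent_image) in TOMCAT_PARENTS
            and basename(ev.image) not in EXPECTED_CHILDREN)

def hunt(events):
    """Return the events an analyst should review."""
    return [ev for ev in events if is_suspicious(ev)]

# Constructed sample events: two benign, two that the rule should flag.
HORIZON = r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe"
SAMPLE_EVENTS = [
    ProcEvent(HORIZON, r"C:\Windows\System32\conhost.exe", "conhost.exe 0x4"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(HORIZON, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
    ProcEvent(HORIZON,
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoProfile"),
]

if __name__ == "__main__":
    for ev in hunt(SAMPLE_EVENTS):
        print(f"REVIEW: {basename(ev.parent_image)} -> {ev.command_line}")
```

In a real deployment the same rule runs over Sysmon event ID 1 or EDR process-creation records, and the allowlist is tuned from a baseline of the server's normal behaviour.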

OverWatch quickly notified the organization of the activity so the target could “begin their incident response protocol,” researchers said.

CrowdStrike, among other security firms, has been monitoring for suspicious activity around the vulnerability tracked as CVE-2021-44228 and colloquially known as Log4Shell, which was found in the Apache Log4j logging library in early December and was immediately set upon by attackers.

Ever-Widening Attack Surface

Read More: https://threatpost.com/aquatic-panda-log4shell-exploit-tools/177312/