Chinese hackers use Log4j exploit to go after academic institution

Written by
Dec 29, 2021 | CYBERSCOOP

A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday.

Threat analysts observed the group attempting to install malware after gaining access using a modified version of a Log4j exploit for VMWare Horizon, a virtual workspace technology. CrowdStrike also observed the Chinese hackers trying to harvest credentials for further exploitation.

CrowdStrike analysts believe that the group behind the attack, which it is calling “Aquatic Panda,” has likely been active since at least May 2020. Its operations have primarily focused on targets in the telecommunications, technology and government sectors.

“Because OverWatch disrupted the attack before AQUATIC PANDA could take action on their objectives, their exact intent is unknown,” Param Singh, vice president of CrowdStrike OverWatch, wrote to CyberScoop in an email. “This adversary, however, is known to use tools to maintain persistence in environments so they can gain access to intellectual property and other industrial trade secrets.”

CrowdStrike didn’t name the institution that Aquatic Panda targeted, or its location.

Researchers at Mandiant and Microsoft have also reported activity by Chinese threat groups exploiting the

Read More: