Iranian and Chinese State Hackers Exploiting Log4j Vulnerability

According to John Hultquist, VP of Intelligence Analysis at Mandiant, Iranian state hackers are particularly aggressive with this Log4j vulnerability.

Cybersecurity firms Mandiant and CrowdStrike have confirmed that Iranian and Chinese state threat actors are exploiting the recently discovered Log4j or Log4Shell vulnerability, and many other actors are planning to exploit it.

Some reports suggest that North Korean and Turkish hackers are also using the Log4j vulnerability for malicious purposes.

A lot of cyber folks have been predicting that state-sponsored hackers would exploit log4j, and last night attributions started dropping. Mandiant seeing China and Iran using it; Microsoft seeing those plus North Korea and Turkey.

— Kevin Collier (@kevincollier) December 15, 2021

What is Log4j?

The high-severity Log4j vulnerability made headlines last week. It took the cybersecurity world by storm, with researchers voicing concerns that ransomware attacks may surge as threat actors start to exploit it.

It is a critical RCE (remote code execution) flaw in the commonly used Java-based logging tool Apache Log4j. The vulnerability, tracked as CVE-2021-44228, was discovered in November and patched on 6 December.

However, exploitation of Apache Log4j started as early as 1 December, and wide-scale attacks were observed from 9 December.
