Nation-state hackers aim to exploit Log4j software flaw, Microsoft warns

Dec 15, 2021 | CYBERSCOOP

Hackers associated with the governments of China, Iran, North Korea and Turkey have been trying to find ways to leverage the Apache Log4j vulnerability, Microsoft’s Threat Intelligence Team said Tuesday.

The notice came the same day a top U.S. government cyber official said that the Cybersecurity and Infrastructure Security Agency hasn’t seen any U.S. federal agencies targeted with the exploit, but that the government is still fearful of attacks. Hundreds of millions of devices are potentially at risk, an agency official previously said.

Microsoft’s notice said its analysts had observed “multiple” known state-associated hacking groups working with the vulnerability, with activity ranging from experimentation to integration in active campaigns to exploitation of targets. The flaw is so severe, computer security specialists have warned, that a successful attack could result in the takeover of an affected system.

An Iranian group Microsoft calls “Phosphorus” — known alternatively as “Charming Kitten” — that has been deploying ransomware of late has “operationalized” modifications to its tooling using Log4j, analysts said. A Chinese group, “HAFNIUM,” has also been observed attacking virtualization infrastructure with the vulnerability.

Cybersecurity firm Mandiant has also observed activity
