Within hours of the Log4j flaw being revealed, these hackers were using it

A prolific and likely state-backed hacking group repeatedly targeted several US state governments, first by exploiting vulnerabilities in their web applications and later, within hours of the Log4j vulnerability becoming public, by scanning for and exploiting vulnerable Log4j deployments in order to maintain its access.

Cybersecurity researchers at Mandiant have detailed how APT41, a state-sponsored cyber espionage and hacking group operating out of China, compromised at least six US state government networks, as well as other organisations, sometimes repeatedly, between May 2021 and February 2022.

The US Department of Justice indicted members of APT41 in September 2020, but the indictment does not appear to have slowed the group's persistent attacks.

According to Mandiant's analysis of the attacks, many of the initial compromises came in June 2021 through insecure internet-facing web applications.


Then, in December 2021, a zero-day vulnerability in the widely used Java logging library Apache Log4j (CVE-2021-44228, known as Log4Shell) was disclosed, and the researchers at Mandiant say APT41 began exploiting it almost immediately.

“Within hours of the advisory, APT41 began exploiting the vulnerability to later compromise at least two U.S. state governments as well as their more traditional targets in the insurance and telecommunications industries,” Mandiant said.

While a patch was released when

Read More: https://www.zdnet.com/article/within-hours-of-the-log4j-flaw-being-revealed-these-hackers-were-using-it/#ftag=RSSbaffb68