{"id":13206,"date":"2021-12-28T16:03:28","date_gmt":"2021-12-28T15:03:28","guid":{"rendered":"https:\/\/woocommerce-331985-2347979.cloudwaysapps.com\/microsoft-state-sponsored-hackers-are-exploiting-log4j-vulnerability\/"},"modified":"2022-01-18T16:20:34","modified_gmt":"2022-01-18T15:20:34","slug":"microsoft-state-sponsored-hackers-are-exploiting-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/smartmileco.com\/microsoft-state-sponsored-hackers-are-exploiting-log4j-vulnerability\/","title":{"rendered":"Microsoft: State-Sponsored Hackers Are Exploiting Log4j Vulnerability","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"

<\/p>\n

\n

The critical Apache Log4j 2 vulnerability is paving the way for state-sponsored hackers to steal data and launch ransomware attacks, according to Microsoft.\u00a0<\/p>\n

On Tuesday, the company warned<\/a> it had observed nation-state hacking groups from China, Iran, North Korea, and Turkey trying to exploit the Log4j 2 flaw. Their activites include experimenting with the bug and abusing the flaw to drop malicious payloads and extract data from victims.\u00a0<\/p>\n

According to Microsoft, an Iranian hacking group, dubbed Phosphorus or Charming Kitten, has allegedly been exploiting Log4j 2 to spread ransomware. A separate group from China called Hafnium has been observed leveraging the vulnerability to help it target potential victims.\u00a0<\/p>\n

\u201cIn these attacks, Hafnium-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems,\u201d Microsoft said.\u00a0<\/p>\n

The vulnerability is raising alarm bells because Apache\u2019s Log4j 2 software is used across the internet industry as a tool to log changes in a software or web application. By exploiting the flaw, a hacker can break into an IT system to steal data or run a malicious program. Not helping the problem is how the flaw is trivial to set up, making it all too easy for anyone to exploit it.\u00a0<\/p>\n

The report from Microsoft underscores the need for the entire tech industry to patch the flaw before mayhem ensues. The company didn\u2019t identify the state-sponsored hacking groups from North Korea or Turkey. But Microsoft added that other cybercriminal groups, called \u201caccess brokers,\u201d have been spotted exploiting the Log4j 2 bug to gain a foothold into networks.\u00a0<\/p>\n

\n
\n

Recommended by Our Editors<\/h3>\n<\/div>\n<\/div>\n

\u201cThese access brokers then sell access to these networks to ransomware-as-a-service affiliates,\u201d Microsoft said. \u201cWe have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms.\u201d<\/p>\n

Other cybersecurity companies, including Mandiant, have also spotted state-sponsored hacking groups from China and Iran targeting the flaw. \u201cWe anticipate other state actors are doing so as well, or preparing to,\u201d said Mandiant VP of Intelligence Analysis John Hultquist. \u201cWe believe these actors will work quickly to create footholds in desirable networks for follow-on activity, which may last for some time.\u201d<\/p>\n

\n
\n
Like What You're Reading?<\/h5>\n

Sign up for Security Watch<\/strong> newsletter for our top privacy and security stories delivered right to your inbox.<\/p>\n

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use<\/a> and Privacy Policy<\/a>. You may unsubscribe from the newsletters at any time.<\/p>\n<\/p><\/div>\n<\/div>\n<\/div>\n