Nation states go after Apache vulnerability

State-sponsored hackers from countries including Iran and China are actively exploiting a major vulnerability in Apache logging package log4j to target organizations around the world, security researchers found this week.

The log4j vulnerability, first discovered late last week, has set off alarm bells for cybersecurity professionals worldwide, given that it is fundamental to systems used by many organizations and difficult to fully patch.

This seems concerning: Microsoft on Tuesday updated its blog post on the log4j vulnerability, warning that the Microsoft Threat Intelligence Center (MSTIC) had seen evidence of nation-state hacking groups in China, Iran, North Korea and Turkey exploiting it.

The Iranian group exploiting log4j, which Microsoft labeled "Phosphorus," has previously been linked to targeting medical researchers and staffers on former President Trump’s reelection campaign. It has been launching ransomware attacks using the vulnerability.

Meanwhile, a Chinese group labeled "Hafnium," which previously exploited flaws in Microsoft’s Exchange Server to potentially target thousands of groups, was seen to be using the log4j vulnerability to attack virtualization infrastructure.

“This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment, and exploitation against targets to achieve the actor’s objectives,” the blog post reads.

Government weighs in: Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), told reporters Tuesday night that while the agency was seeing exploitation, it was not officially attributing this to any particular country.