Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors

Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability, experts say.

Dark Reading, Staff & Contributors

December 15, 2021

1 Min Read

Threat actors, including at least one nation-state actor, are attempting to exploit the newly disclosed Log4j flaw to deploy ransomware, remote access Trojans, and Web shells on vulnerable systems. All the while, organizations continue to download versions of the logging tool containing the vulnerability.

This new attack activity represents an escalation of sorts from attackers' initial exploitation attempts, which mainly focused on dropping cryptocurrency mining tools and compromising systems with the goal of adding them to a botnet. Targeted systems include servers, virtual machines, PCs, and IP cameras.

CrowdStrike on Tuesday said it has observed a nation-state actor make moves that suggest an interest in exploiting the flaw.

"CrowdStrike Intelligence has observed state-sponsored actor NEMESIS KITTEN -- based out of Iran -- newly deploy into a server a class file that could be triggered by Log4j," says Adam Meyers, senior vice president of intelligence at CrowdStrike. "The timing, intent, and capability are consistent with what would be the adversary attempting to exploit Log4j," he adds. Meyers describes NEMESIS KITTEN as an adversary that has previously been engaged in both disruptive and destructive attacks.

The latest developments heighten the urgency for organizations to update to the new version of the Log4j logging framework that the Apache Foundation released Dec. 10, or to apply the mitigations it has recommended, security experts said this week.

Read the Full Article on Dark Reading

About the Author(s)

Dark Reading

Staff & Contributors

Dark Reading: Connecting The Information Security Community

Long one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights