Recently, there have been several attacks observed actively exploiting the Log4Shell vulnerability. Addressing the same, several security agencies continue to warn about cybercriminals who continue to exploit the Log4j vulnerability in their attacks.

Series of warnings

In the past few weeks, multiple security agencies issued warnings about attackers attempting to exploit vulnerabilities in Log4j.
  • The Dutch National Cybersecurity Centre has warned against this flaw. According to the agency, the attackers are expected to behave this way despite the alert.
  • Recently, Microsoft posted a warning against a threat group, DEV-0401, exploiting the Log4Shell vulnerability on VMware Horizon systems and deploying Night Sky ransomware.
  • Additionally, Akamai researchers detected evidence of a vulnerability in Log4j being used in the propagation of malware, used by the Mirai botnet, targeting Zyxel networking devices.

The active abuse of Log4j vulnerability

A few ransomware groups have abused Log4Shell in their attacks, such as the Conti ransomware group was observed exploiting the CVE-2021-44228 flaw since December 2021.
  • SolarWinds fixed a flaw in a file-sharing software, Serv-U, when attackers abused the flaw to gain login access. 
  • The National Health Service had warned that an unknown threat group is trying to exploit the Log4j vulnerability that exists inside the VMware Horizon servers.
  • At the same time, researchers spotted that cybercriminals were found attempting to abuse the Log4Shell flaw for delivery of a new Khonsari ransomware on Windows systems.

Conclusion

The Log4Shell vulnerability has become a menace and poses a huge challenge to the security community. Several security agencies and services are continuously providing help to mitigate the threat. For example, the U.K NCSC has shared more information by using its website and GitHub repository. Following these could be of great help in avoiding this dreadful threat.
Cyware Publisher

Publisher

Cyware