
Hackers exploited a critical vulnerability in the Java-based Apache Log4j logging library to install hidden miners and other malware, Netlab 360 specialists reported.
An exploit called Log4Shell allowed attackers to download Mirai and Muhstik malware onto devices. Later they were used to launch Kinsing cryptominers, organize large-scale DDoS attacks, or install Cobalt Strike beacons to find vulnerable servers.
The attacks identified by the experts were aimed at devices running Linux.
“Currently, there have been no cases of exploitation of vulnerabilities by ransomware or APT groups, but the fact that Cobalt Strike beacons are deployed indicates an impending malicious campaign,” the experts said.
Netlab 360 recommended that users update to the latest version of Log4j.
In turn, Cybereason researchers have developed a “vaccine” that disables the trustURLCodebase setting on the remote Log4j server, thereby eliminating a critical vulnerability.
Recall that in early December, Neodyme specialists discovered an error in the library of programs for the Solana protocol, which potentially allowed stealing funds from DeFi projects at a rate of about $27 million per hour.