China and Iran accused of using new Log4J hack to invade US


Cybersecurity experts say hackers from China, Iran and other nations are exploiting a vulnerability in the open-source logging platform Apache Log4j to establish footholds in networks they intend to breach in the future.

The issue has alarmed both the private sector and the federal government as the affected software is widely used. Industries including electricity, water, food, transportation and manufacturing have been exposed, according to industrial control cybersecurity firm Dragos.

Cyber professionals are using it now, regardless of whether America’s hostile foes are responsible for the cyber breach. Cybersecurity firm Mandiant says it has seen Chinese and Iranian actors exploiting the vulnerability, and Microsoft says it has also seen groups from North Korea and Turkey doing so.

Mandiant vice president of intelligence analysis, John Hultquist, said Wednesday that his team expects other state-sponsored hackers to prepare to join those from China and Iran.

“We believe these actors will work rapidly to establish desirable network footprints for follow-up activities that may take some time,” Mr Hultquist said in a statement. “In some cases, they will work from a target wishlist that exists long before this vulnerability becomes public. In other cases, desirable targets can be selected after broad targeting.”

Mr Hultquist said the Iranians observed by Mandiant were “particularly aggressive” and were involved in ransomware operations that could be intended to wreak havoc rather than for financial gain. Microsoft also said on its website that the Iranian group was distributing ransomware and that the company had observed the Iranians making changes to their exploit of the vulnerability.

Check Point, a cybersecurity firm headquartered in Israel and California, said in a statement Wednesday that it observed an Iranian hacker group using the Log4j vulnerability against seven targets in Israel in the past 24 hours.

Chinese hackers are a familiar foe for Microsoft. Microsoft identified the Chinese hackers as Hafnium, a group that Microsoft previously claimed was responsible for hacking Exchange servers.

Federal officials later said the Exchange hack, which compromised tens of thousands of computers, could be attributed to criminal contract hackers working for the Chinese Ministry of State Security.

Microsoft said that Hafnium’s goals appear to have expanded in its use of new Log4j-related issues.

“HAFNIUM is an active Chinese threat actor group. It has been observed that they use the vulnerability to attack virtualization infrastructure to extend their typical targeting,” Microsoft said on its website. “In these attacks, the HAFNIUM-associated systems [were observed using a] [Domain Name Service] service typically associated with testing activity to fingerprint systems.”

Issues with the Log4j vulnerability have grown even as cybersecurity experts try to defend against the attacks. In a post updated Wednesday afternoon, Check Point said it has observed more than 1.8 million attempts to exploit the Log4j vulnerability since Friday, meaning that almost half of the corporate networks it monitors are currently a target.

The Cybersecurity and Infrastructure Security Agency said so far no federal agency is known to have been compromised.

• This article contains wire service reports.


