Microsoft: Hackers in China, Iran and elsewhere start exploiting widespread Apache Log4j flaws
Microsoft says groups connected to governments in China, Iran, North Korea and Turkey have begun exploiting vulnerabilities in the Apache Software Foundation’s widely used open-source Log4j software library.
Hackers can use the software flaws to gain control of compromised computers and systems. Microsoft has detected initial activity by government-affiliated groups ranging from experimentation to active exploitation of the vulnerabilities, the company said Tuesday in an updated post about the issue.
Other groups, acting as access brokers, are using the flaws to gain initial access for ransomware attacks.
“These access brokers then sell access to these networks to ransomware-as-a-service affiliates,” Microsoft said. “We have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms.”
The U.S. Cybersecurity & Infrastructure Agency says software vendors who use Log4j in their products should apply the patches as soon as possible and inform their users to prioritize software updates, given “the severity of the vulnerabilities and the likelihood of an increase in exploitation by sophisticated cyber threat actors.”
https://www.geekwire.com/2021/microsoft-hackers-in-china-iran-and-elsewhere-start-exploiting-widespread-apache-log4j-flaws/
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance