Where the Latest Log4Shell Attacks Are Coming From
2021-12-13 19:00

Researchers have started to fill in the details on the latest Log4Shell attacks, and they reported finding at least 10 specific Linux botnets leading the charge.

First, analysts at Netlab 360 detected two waves of Log4Shell attacks on their honeypots, from the Muhstik and Mirai botnets.

Secondly, they added, "The attack init function is also discarded, and the DDoS attack function is called directly by the command-processing function."

Following detection of those attacks, the Netlab 360 team found other botnets on the hunt for the Log4Shell vulnerability, including: DDoS family Elknot; mining family m8220; SitesLoader; xmrig.ELF; attack tool 1; attack tool 2; plus one unknown and a PE family.

The majority of exploitation attempts against Log4Shell originate in Russia, according to Kaspersky researchers, who found 4,275 attacks launched from Russia, by far the most of any region.


News URL

https://threatpost.com/log4shell-attacks-origin-botnet/176977/