Log4j vulnerability now used by state-backed hackers, access brokers
2021-12-15 16:09

As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability in the Apache Log4j Java-based logging library.

Also known as Log4Shell or LogJam, the vulnerability is now being used by threat actors linked to governments in China, Iran, North Korea, and Turkey, as well as access brokers used by ransomware gangs.

In a report on Sunday, Microsoft Threat Intelligence Center observed the critical Log4j bug being exploited to drop Cobalt Strike beacons, which could indicate that more menacing actors were at play since the payload is often part of network breaches.

Cybersecurity firm Mandiant has confirmed that Chinese and Iranian state actors are using the Log4j vulnerability in attacks and expects other groups to be doing the same or to be in a preparation stage.

Apart from nation-state actors, Microsoft has confirmed that brokers providing initial network access to various groups, mostly financially motivated, have also started to exploit the Log4j flaw.

Log4Shell has already been used in a ransomware attack from a new actor named Khonsari, a report from Bitdefender shows.


News URL

https://www.bleepingcomputer.com/news/security/log4j-vulnerability-now-used-by-state-backed-hackers-access-brokers/