APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
2021-12-30 16:16

Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group to exploit the Log4Shell vulnerability.

Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack that involved a large undisclosed academic institution, according to research released Wednesday.

Eventually, researchers assessed that a modified version of the Log4j exploit was likely used during the course of the threat actor's operations, and that the infrastructure used in the attack is linked to Aquatic Panda, they said.

OverWatch researchers tracked the threat actor's activity closely during the intrusion to provide continuous updates to the academic institution as its security administrators scrambled to mitigate the attack, they said.

The victim organization eventually patched the vulnerable application, which prevented further action from Aquatic Panda on the host and stopped the attack, researchers said.

Aquatic Panda also is not the first organized cybercrime group to recognize the opportunity to exploit Log4Shell, and likely will not be the last.


News URL

https://threatpost.com/aquatic-panda-log4shell-exploit-tools/177312/