Security News > 2022 > August > Microsoft: Iranian hackers still exploiting Log4j bugs against Israel
Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software.
The latest MuddyWater hacking campaign outlined in a Microsoft report yesterday constitutes the first example of leveraging vulnerable SysAid applications to breach corporate networks.
MuddyWater previously targeted VMWare instances that carried Log4j flaws to drop web shells, but assuming that these were eventually patched, the threat actors explored alternative options.
The Iranian hackers exploit Log4Shell flaws for initial access, running malicious PowerShell via a specially crafted request sent to vulnerable endpoints and dropping web shells.
Ligolo is an open-source reverse-tunneling tool that the hackers use for securing communications between backdoors and C2 infrastructure.
While Microsoft's report doesn't go into the details of the particular tool, we know from a March 2022 report by Security Joes that the hackers added useful features like execution checks and command-line parameters.
News URL
Related news
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (source)
- Iranian hackers pose as journalists to push backdoor malware (source)