
Iranian cyberspies exploited Log4j to break into a US govt network
2022-11-16 23:30

Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA. In an alert posted Wednesday, the US cybersecurity agency said it detected the advanced persistent threat (APT) activity on an unnamed federal civilian executive branch (FCEB) organization's network in April.

"CISA and the Federal Bureau of Investigation assess that the FCEB network was compromised by Iranian government-sponsored APT actors," according to the alert.

First on the list - for the love of god, people - patch the damn VMware Horizon systems to ensure they aren't running buggy Log4j code.

Despite it being almost a year since the discovery of Log4Shell, "I'm not surprised we are seeing reports like today's CISA and FBI advisory," Chainguard CEO and co-founder Dan Lorenc told The Register.

CISA also recommends keeping credentials safe by creating a deny list of known compromised usernames and passwords, and by using a local device credential protection feature.

Today's cybersecurity warning comes as the US has issued new sanctions against Iranian individuals and organizations in response to the state's brutal crackdown against protestors who condemned Mahsa Amini's murder in September.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/16/iranian_cyberspies_log4j/