Involvement of the Chinese government is suspected as attacks exploiting the Log4j zero-day vulnerability 'Log4Shell' surge.



Attacks using 'Log4Shell', a zero-day remote code execution vulnerability discovered in the Java logging library Apache Log4j, are increasing rapidly, and security company Check Point Software has published that the presence of hackers linked to the Chinese government among the attackers has also been confirmed.

The numbers behind a cyber pandemic – detailed dive - Check Point Software
https://blog.checkpoint.com/2021/12/13/the-numbers-behind-a-cyber-pandemic-detailed-dive/

Log4j vulnerability: Companies scramble to gird against hackers: NPR
https://www.npr.org/2021/12/14/1064123144/companies-scramble-to-defend-against-newly-discovered-log4j-digital-flaw

Hackers launch over 840,000 attacks through Log4J flaw | Ars Technica
https://arstechnica.com/information-technology/2021/12/hackers-launch-over-840000-attacks-through-log4j-flaw/

It has been revealed that Log4j, a Java logging library used all over the world, contains a zero-day vulnerability, 'Log4Shell', that allows remote code execution. A patch for the vulnerability has already been released, but because Log4j is so widely used, it has been pointed out that this may be one of the most serious vulnerabilities in the history of the Internet.

The details of Log4Shell are summarized in the following articles.

Why does the vulnerability 'Log4Shell (CVE-2021-44228)' found in Java's Log4j library have a major impact on the world? - GIGAZINE



Since December 10, 2021 (Friday), when the existence of Log4Shell was disclosed, more than 840,000 cyber attacks using Log4Shell have been recorded against companies all over the world. According to Check Point Software, Log4Shell-related attacks have been on the rise over the 72 hours since December 10, and at some point more than 100 attacks were detected per minute. Check Point Software says most cyber attacks using Log4Shell 'remotely control computers to mine crypto assets, use them as part of a botnet, or use them as part of a computer network that can be put to other purposes, such as generating excessive traffic on certain websites or sending spam.'

In addition, almost half of the attackers launching cyber attacks using Log4Shell are known attackers. The 'known attackers' include operators of malware such as 'Tsunami' and 'Mirai', which turn remotely controlled computers into botnets and use them for denial-of-service attacks, as well as other cyber attack groups. A group using 'XMRig', software that mines the hard-to-trace digital currency Monero, was also detected.



According to Charles Carmakal, chief technology officer of cybersecurity company Mandiant, the attackers include 'Chinese government-backed hackers.' Carmakal declined to share further details, but researchers at cybersecurity startup SentinelOne also said, 'We have detected that Chinese hackers are using Log4Shell.'

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA) at the US Department of Homeland Security, said Log4Shell was 'one of the most serious vulnerabilities I've seen in my career.' Both CISA and the UK's National Cyber Security Centre have issued warnings about Log4Shell urging companies to apply patches. Large companies such as Apple, Amazon, IBM, Microsoft, and Cisco have already responded to Log4Shell with fixes, and at the time of writing there were no reports of significant security breaches at major companies.
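As an added example, not code from this article or from any of the organisations it cites, the following Python script is the kind of check a defender can run on a host after the patch advisories above: it walks a directory tree, reads the version of every log4j-core JAR it finds from the JAR manifest (falling back to the filename), and flags versions below 2.15.0, the release that fixed CVE-2021-44228. The JAR files and directory layout scanned by `demo()` are constructed in a temporary directory; the 2.15.0 threshold is a constant that should be raised in line with later Log4j advisories.

```python
import os
import re
import tempfile
import zipfile
from typing import List, Optional, Tuple

# Releases below this version are affected by CVE-2021-44228, the CVE this
# article covers. Later Log4j advisories raised the recommended floor further,
# so treat this constant as the minimum to adjust, not the final word.
MIN_FIXED_VERSION = (2, 15, 0)

_FILENAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)")
_MANIFEST_RE = re.compile(r"^Implementation-Version:\s*(\S+)", re.M)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.14.1' (or '2.0-beta9') into a 3-tuple so versions compare numerically."""
    numeric = text.split("-")[0]
    parts = [int(p) for p in numeric.split(".") if p.isdigit()]
    parts += [0] * (3 - len(parts))  # pad '2.15' to (2, 15, 0)
    return tuple(parts[:3])


def version_from_jar(path: str) -> Optional[str]:
    """Read the version from the JAR manifest; fall back to the filename."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        match = _MANIFEST_RE.search(manifest)
        if match:
            return match.group(1)
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # unreadable JAR or no manifest: try the filename instead
    match = _FILENAME_RE.search(os.path.basename(path))
    return match.group(1) if match else None


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fix for CVE-2021-44228."""
    return parse_version(version) < MIN_FIXED_VERSION


def scan_tree(root: str) -> List[Tuple[str, str, bool]]:
    """Return (path, version, vulnerable) for each log4j-core JAR under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                version = version_from_jar(path)
                if version is not None:
                    findings.append((path, version, is_vulnerable(version)))
    return sorted(findings)


def _write_sample_jar(path: str, version: str) -> None:
    """Constructed sample: a minimal JAR whose manifest carries only a version."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")


def demo() -> List[Tuple[str, str, bool]]:
    """Scan a constructed tree holding one old and one patched log4j-core JAR."""
    with tempfile.TemporaryDirectory() as root:
        _write_sample_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1")
        os.makedirs(os.path.join(root, "app", "lib"))
        _write_sample_jar(os.path.join(root, "app", "lib", "log4j-core-2.17.1.jar"), "2.17.1")
        return sorted((os.path.basename(p), v, bad) for p, v, bad in scan_tree(root))


if __name__ == "__main__":
    for name, version, bad in demo():
        print(f"{name}: {version} -> {'VULNERABLE' if bad else 'ok'}")
```

Point `scan_tree()` at an application directory to inventory real deployments; note that it only finds JARs on disk, so bundled copies inside fat JARs or WAR files would need the archive members unpacked or inspected recursively first.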

'Log4Shell gives attackers almost unlimited power. Attackers can extract sensitive data, upload files to servers, delete data, install ransomware, pivot to other servers, and so on,' said Nicholas Sciberras, Head of Engineering at Acunetix, a developer of vulnerability scanning tools, adding that launching an attack is 'surprisingly easy' and that 'attacks that exploit Log4Shell will continue in the coming months.'

in Software, Security, Posted by logu_ii