Microsoft announces that hacking groups backed by China, Iran, North Korea and Turkey are exploiting the Log4j zero-day vulnerability 'Log4Shell'



On December 14, 2021, Microsoft announced that it had confirmed that 'Log4Shell', a zero-day vulnerability in Java's Log4j library that allows remote code execution, is being used by government-affiliated hacking groups linked to China, Iran, North Korea, and Turkey. On the same day, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a notice directing government agencies to apply the Log4Shell patch by December 24.

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

CISA tells US federal agency to mitigate Log4j by Dec 24 • The Register
https://www.theregister.com/2021/12/15/log4j_latest_cisa/

Hackers Backed by China Seen Exploiting Security Flaw in Internet Software - WSJ
https://www.wsj.com/articles/hackers-backed-by-china-seen-exploiting-security-flaw-in-internet-software-11639574405

Log4Shell is a vulnerability found in Java's logging library 'Apache Log4j'. Because Apache Log4j is so widely used, Log4Shell is expected to have a serious impact on an unprecedented scale, and since its disclosure on December 10, 2021, security organizations and the press have been widely urging users to apply the patch.

Why does the vulnerability 'Log4Shell (CVE-2021-44228)' found in Java's Log4j library have a major impact on the world? - GIGAZINE



Regarding Log4Shell, Microsoft newly announced, 'We have confirmed that hacking groups affiliated with the Chinese, Iranian, North Korean, and Turkish governments are conducting attacks that exploit Log4Shell.' The announcement gives Iran's ransomware attack group 'PHOSPHORUS' and China's hacking group 'HAFNIUM' as examples: PHOSPHORUS has acquired the Log4Shell exploit and modified it for its attacks, and HAFNIUM is said to be exploiting Log4Shell in attacks that involve a DNS service associated with testing activity used to fingerprint systems. These attacks were detected and tracked by Microsoft's Threat Intelligence Center (MSTIC), the Microsoft 365 Defender Threat Intelligence Team, the Detection & Response Team (DART), and the California cybersecurity firm RiskIQ.

A spokesman for the Chinese Embassy in Washington reportedly said, 'The Chinese government is against all types of cyberattacks, and it was a Chinese security team that first reported Log4Shell.'

In response to this series of problems, the US Cybersecurity and Infrastructure Security Agency (CISA) opened a dedicated Log4Shell page on December 14. Information such as a list of software vendors likely to be affected by Log4Shell is updated and posted there as needed.

Apache Log4j Vulnerability Guidance | CISA
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance



On this page, CISA states, 'In accordance with Binding Operational Directive 22-01, federal civilian government agencies must mitigate CVE-2021-44228 (Log4Shell) by December 24, 2021,' setting a deadline for each agency to apply the Log4Shell patch.

in Security, Posted by darkhorse_log