Microsoft says state sponsored groups are joining other cybercriminals in targeting organizations with the Log4j exploit Log4Shell. Earlier this week, we reported on the company’s efforts alongside security firms and government agencies to battle the new attack that targets a vulnerability in Log4j.
Hackers have been found with links to China and other governments, meaning the threat of the Log4Shell malware is escalating. If you are unfamiliar with Log4j, it is a free code for logging activity on computer networks and applications.
It is used by the largest cloud vendors in the world. Microsoft Azure, Amazon Web Services, Google Cloud, Oracle, Cisco, IBM, VMware, RedHat, and dozens more use the platform.
Versions 2.0 to 2.14.1 of the Log4j software has a vulnerability that allows attackers to engage in remote execution attacks. If successful, the hack leaves the threat actor with control of the device. Apache Software Foundation has set out version 2.15.0 to patch the flaw.
However, for now there are potentially millions of systems that have not updated and remain at risk. While Log4Shell was at first to be focused on targeting cryptomining operations but has since also gone after wider operations.
That led the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to say hundreds of millions of machines are at risk.
Cybersecurity company Mandiant Inc. says the threat from Log4Shell is one of the biggest in years and could be long-lasting.
“The effects of this vulnerability will reverberate for months to come—maybe even years—as we try to close these doors and try to hunt down all the actors who made their way in,” says John Hultquist, vice president of intelligence analysis at the U.S.-based cybersecurity firm Mandiant Inc.
Microsoft and Mandiant have tracked threat groups with links to Iran and China exploiting Log4j and starting attack. In an update to its original blog post, Microsoft says it has also observed attackers with links to Turkey and North Korea.
One of those Chinese threat groups was also involved in exploiting the Microsoft Exchange server vulnerability, another cybersecurity crisis from earlier this year.
Tip of the day: Windows Update downloads can often be frustrating because they are several gigabytes in size and can slow down your internet connection. That means your device may work with reduced performance while the update is downloading. In our guide, we show you how to limit bandwidth for Windows Update downloads, so they won’t bother you again.