by Ailan Evans
Hackers backed by China are using a recently-discovered vulnerability in a common software tool to gain access to data and systems belonging to internet infrastructure companies.
The vulnerability, known as Log4Shell, was discovered by Chinese cybersecurity researchers from Alibaba last week and is found in an open-source software tool called Log4J used by enterprise software companies and cloud infrastructure providers. If exploited, the flaw allows hackers to gain access to a company’s data and internal networks.
Hackers backed by foreign governments, including China, are exploiting the vulnerability to attack internet infrastructure, according to cybersecurity firms and researchers.
“As of the publish date of this blog post, we have uncovered evidence of exploitation by China and Iranian state actors,” researchers from cybersecurity firm Mandiant wrote late Wednesday.
The researchers said the vulnerability “is one of the most pervasive security vulnerabilities that organizations have had to deal with over the past decade” as it is “used by applications and systems deployed across organizations of all sizes.”
Microsoft issued a report Wednesday claiming to have detected the “vulnerability being used by multiple tracked nation-state activity groups originating from China, Iran, North Korea, and Turkey.”
“This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment, and exploitation against targets to achieve the actor’s objectives,” the report said.
The company identified one particular Chinese hacker syndicate, HAFNIUM, as using the Log4J flaw to attack internet infrastructure.
“In these attacks, HAFNIUM-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems,” Microsoft said.
The Cybersecurity Infrastructure and Security Agency (CISA) issued a notice to critical infrastructure companies warning them of the Log4J vulnerability and urging them to take appropriate security actions.
“We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” head of CISA, Jen Easterly, told leaders of critical infrastructure companies, according to CyberScoop.
Easterly added that the vulnerability “is one of the most serious I’ve seen in my entire career, if not the most serious.”
– – –
Ailan Evans is a reporter at Daily Caller News Foundation.
