CyberManipal.

Tech news from MIST

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Vulnerabilities
@KhushiJain

Khushi Jain

December 17, 2021

Researchers at security firm Praetorian warned of a third, separate security weakness in Log4j version 2.15.0, soon after Cloudflare revealed on Wednesday that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, one that makes it possible to carry out denial-of-service (DoS) attacks. This third flaw can allow for exfiltration of sensitive data in certain circumstances. Additional technical details of the flaw have been withheld to prevent further exploitation, but it's not immediately clear if this has already been addressed in the recent version 2.16.0.

Advanced persistent threat groups from China, Iran, North Korea, and Turkey, counting the likes of Hafnium and Phosphorus, have tried to exploit the vulnerability. Over 1.8 million attempts to exploit the Log4j vulnerability have been recorded so far. Access brokers have been leveraging the Log4Shell flaw to gain initial access to target networks, which was then sold to other ransomware affiliates, as observed by Microsoft Threat Intelligence Center (MSTIC). In addition, dozens of malware families that run the gamut from cryptocurrency coin miners and remote access trojans to botnets and web shells have been identified taking advantage of this shortcoming to date.

The Log4j flaw underscores the risks arising from software supply chains: when a key piece of software is used within a broad range of products across several vendors and deployed by their customers around the world, a wide swathe of industries is left exposed to remote exploitation.

Abridged from The Hacker News
