Iranian APT Uses Log4j Vulnerability To Hack US Federal Network
Summary Of The Attack
- In December of last year, US federal agencies were the target of hacking attacks, and companies were harmed.
- The Department of the Treasury, the Department of Commerce, and the US Department of Homeland Security were all affected.
- This time, according to the FBI and CISA, Iranian government-sponsored hackers accessed an undisclosed US federal agency’s network early this year, using the Log4Shell vulnerability to deploy crypto miners and compromise credentials.
- “Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, advanced to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence,” according to the advisory.
- The assault highlights the pervasiveness of the Log4j vulnerability, which made worldwide headlines a year ago and remains a live danger for many businesses.
What Happened?
According to the FBI and CISA, Iranian government-sponsored hackers accessed an undisclosed US federal agency’s network early this year, using the