Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Aug 27, 2022
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian intelligence apparatus, the Ministry of Intelligence and Security (MOIS). The attacks are notable for using SysAid Server instances unsecured against the Log4Shell flaw as a vector for initial access, marking a departure from the actors' pattern of leveraging VMware applications for breaching target environments. "After gaining access, Mercury establishes persistence, dumps credentials, and moves laterally within the targeted organization using both custom and well-known hacking tools, as well as built-in operating system tools for its hands-on-keyboard attack," Microsoft said . The tech gia