Thursday, May 15, 2025
HomeExploitHackers Exploiting Log4j2 Vulnerability in The Wild To Deploy Ransomware

Hackers Exploiting Log4j2 Vulnerability in The Wild To Deploy Ransomware

Published on

SIEM as a Service

Follow Us on Google News

An emergency security update has been released recently by the Apache Software Foundation to fix a 0-day vulnerability in the popular Log4j logging library.

This 0-day vulnerability in Log4j was exploited by the threat actors to deploy ransomware.

The Log4j is a Java library that is widely used in business systems and web applications. The cybersecurity experts have tracked this 0-day vulnerability as CVE-2021-44228 and with the 2.15.0 release, the patch was released.

- Advertisement - Google News

Flaw profile

This 0-day vulnerability was named as Log4Shell and achieved a score of 10 out of 10 points on the CVSS vulnerability rating scale.

This 0-day allows attackers to execute arbitrary code remotely since it’s an RCE.

  • CVE ID: CVE-2021-44228
  • Flaw Name: Log4Shell
  • Published Date: 12/10/2021
  • Last Modified: 12/14/2021
  • Source: Apache Software Foundation
  • Severity: Critical
  • Base Score: 10.0

Log4j is a work environment for activity log in Apache that allows monitoring the activity in an application, and here to exploit the 0-day flaw an attacker had to send a piece of malicious code.

It forces Java-based applications and servers that use the Log4j library to log a specific line in their internal systems.

When an application or server processes such logs, a string can cause the vulnerable system to load and run a malicious script from the domain controlled by the attacker.

Affected Products & Projects

This 0-day vulnerability was originally discovered while searching for the bugs on the servers of Minecraft, but Log4j is present in almost all corporate applications and Java servers.

So, here we have mentioned below all the popular affected products and projects:-

  • Apache Struts
  • Apache Flink
  • Apache Druid
  • Apache Flume
  • Apache Solr
  • Apache Flink
  • Apache Kafka
  • Apache Dubbo
  • Redis
  • ElasticSearch
  • Elastic Logstash
  • Ghidra

Attackers Exploiting The Vulnerability

The 0day flaw, CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups parameter is set to false. Bitdefender said.

In Log4j 2.15.0 release this parameter is set to true, primarily to stop such attacks. 

In short, the Log4j users who have already upgraded to version 2.15.0 and then set the flag to false will again become vulnerable to these attacks, the users who have not updated the same will remain safe.

However, here the hackers exploit this 0-day vulnerability by deploying several botnets, miners, malware, and ransomware. That’s why here we have mentioned the deployments used by the hackers:-

  • Muhstik Botnet
  • XMRIG miner
  • Khonsari (New Ransomware family)
  • Orcus (Remote Access Trojan)

Mitigations

Here, the cybersecurity analysts have recommended users to follow some immediate steps to mitigate this 0-day vulnerability, and here they are mentioned below:-

  • To identify all systems that implement the Apache Log4j2 logging framework, conduct a comprehensive infrastructure and software application audit.
  • Make sure to review all your software bills of materials, and software supply chain.
  • Enforce defense-in-depth approach.
  • Actively monitor the infrastructure for potential exploitation attempts.

While apart from this, with this latest update (Apache Log4j 2.16.0 update) no additional risks are posed by this vulnerability to users.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by...

TA406 Hackers Target Government Entities to Steal Login Credentials

The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni,...

Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect...

New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in...

PoC Exploit Published for macOS Sandbox Escape Vulnerability (CVE-2025-31258)

Security researchers have disclosed a new macOS sandbox escape vulnerability tracked as CVE-2025-31258, accompanied...

Cybercriminals Hide Undetectable Ransomware Inside JPG Images

A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image...