Thursday, April 10, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityChinese Hackers Exploiting Log4Shell Vulnerability & Attack Internet-Facing Systems

Chinese Hackers Exploiting Log4Shell Vulnerability & Attack Internet-Facing Systems

CVE/vulnerabilityCyber Attack

Published on

By Balaji
Chinese Hackers Exploiting Log4Shell Vulnerability & Attack Internet-Facing Systems

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

The Chinese hackers are actively exploiting the Log4Shell Vulnerability in the Log4j library and it is identified as “CVE-2021-44228.”

Microsoft experts have claimed that Chinese hackers are targeting the companies and individuals with a new ransomware strain for double extortion, “Night Sky.”

In this ongoing ransomware operation, the hackers are exploiting the CVE-2021-44228 which is marked as one of the most critical flaws, and by exploiting this vulnerability they are also attacking the internet-facing systems as well.

- Advertisement - Google News

On December 27, 2021, the hackers started this ransomware operation in which they compromised the corporate networks of two well-known organizations Bangladesh and Japan.

For their victims on the Tor network, they have finely set up a leak site where they will publish the data that was stolen from the victims who have not paid the ransom.

Night Sky & Its Operators

While this ransomware family was initially spotted by the cybersecurity researchers of MalwareHunterteam, they noted that when this ransomware encrypts a file it put “.nightsky” as an extension of that encrypted file.

Here’s what the company spokesperson stated:-

“The security of our customers is our top priority at VMware as we respond to the industry-wide Apache Software Foundation Log4j vulnerabilities. Any service connected to the internet and not yet patched for Log4j vulnerabilities is vulnerable to hackers, and VMware strongly recommends taking immediate action.”

Moreover, the security experts at Microsoft have tracked the Chinese hacking group as, “DEV-0401,” they are found to be exploiting the Log4Shell flaw on VMware Horizon systems that are exposed.

Earlier, this same Chinese hacking group has deployed and exploited multiple ransomware, and among them, the most popular ones are:-

  • LockFile
  • AtomSilo
  • Rook

Here to make things legit the operators of Night Sky ransomware has used the C2 servers that mimic the domains of security and IT companies like:-

  • Trend Micro
  • Sophos
  • Nvidia
  • Rogers Corporation

Hackers are constantly targeting the networks of vulnerable organizations and individuals, and along with financially motivated hackers, the state-sponsored threat actors from countries like China, North Korea, Turkey, and Iran are also exploiting the bug.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cyber Security News

Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks

The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has...
Cyber Security News

ViperSoftX Malware Spreads Through Cracked Software, Targeting Unsuspecting Users

AhnLab Security Intelligence Center (ASEC) has unearthed a complex cyber campaign in which attackers,...
AI

The State of AI Malware and Defenses Against It

AI has recently been added to the list of things that keep cybersecurity leaders...
cyber security

Rogue Account‑Creation Flaw Leaves 100 K WordPress Sites Exposed

A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Cyber Attack

Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms

Sapphire Werewolf has introduced a potent new weapon into its cyber arsenal, unveiling the...
CVE/vulnerability

Dell Alerts Users to Critical PowerScale OneFS Flaws Enabling Account Takeover

Dell Technologies has issued an urgent security advisory to its users, warning of several...
CVE/vulnerability

SonicWall Patches Multiple Vulnerabilities in NetExtender Windows Client

SonicWall has issued a critical alert concerning multiple vulnerabilities discovered in its NetExtender Windows...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved