Thursday, March 28, 2024

Chinese Hackers Exploiting Log4Shell Vulnerability & Attack Internet-Facing Systems

The Chinese hackers are actively exploiting the Log4Shell Vulnerability in the Log4j library and it is identified as “CVE-2021-44228.”

Microsoft experts have claimed that Chinese hackers are targeting the companies and individuals with a new ransomware strain for double extortion, “Night Sky.”

In this ongoing ransomware operation, the hackers are exploiting the CVE-2021-44228 which is marked as one of the most critical flaws, and by exploiting this vulnerability they are also attacking the internet-facing systems as well.

On December 27, 2021, the hackers started this ransomware operation in which they compromised the corporate networks of two well-known organizations Bangladesh and Japan.

For their victims on the Tor network, they have finely set up a leak site where they will publish the data that was stolen from the victims who have not paid the ransom.

Night Sky & Its Operators

While this ransomware family was initially spotted by the cybersecurity researchers of MalwareHunterteam, they noted that when this ransomware encrypts a file it put “.nightsky” as an extension of that encrypted file.

Here’s what the company spokesperson stated:-

“The security of our customers is our top priority at VMware as we respond to the industry-wide Apache Software Foundation Log4j vulnerabilities. Any service connected to the internet and not yet patched for Log4j vulnerabilities is vulnerable to hackers, and VMware strongly recommends taking immediate action.”

Moreover, the security experts at Microsoft have tracked the Chinese hacking group as, “DEV-0401,” they are found to be exploiting the Log4Shell flaw on VMware Horizon systems that are exposed.

Earlier, this same Chinese hacking group has deployed and exploited multiple ransomware, and among them, the most popular ones are:-

  • LockFile
  • AtomSilo
  • Rook

Here to make things legit the operators of Night Sky ransomware has used the C2 servers that mimic the domains of security and IT companies like:-

  • Trend Micro
  • Sophos
  • Nvidia
  • Rogers Corporation

Hackers are constantly targeting the networks of vulnerable organizations and individuals, and along with financially motivated hackers, the state-sponsored threat actors from countries like China, North Korea, Turkey, and Iran are also exploiting the bug.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles