Thursday, April 10, 2025
HomeExploitHackers Exploiting Log4j2 Vulnerability in The Wild To Deploy Ransomware

Hackers Exploiting Log4j2 Vulnerability in The Wild To Deploy Ransomware

Published on

SIEM as a Service

Follow Us on Google News

An emergency security update has been released recently by the Apache Software Foundation to fix a 0-day vulnerability in the popular Log4j logging library.

This 0-day vulnerability in Log4j was exploited by the threat actors to deploy ransomware.

The Log4j is a Java library that is widely used in business systems and web applications. The cybersecurity experts have tracked this 0-day vulnerability as CVE-2021-44228 and with the 2.15.0 release, the patch was released.

- Advertisement - Google News

Flaw profile

This 0-day vulnerability was named as Log4Shell and achieved a score of 10 out of 10 points on the CVSS vulnerability rating scale.

This 0-day allows attackers to execute arbitrary code remotely since it’s an RCE.

  • CVE ID: CVE-2021-44228
  • Flaw Name: Log4Shell
  • Published Date: 12/10/2021
  • Last Modified: 12/14/2021
  • Source: Apache Software Foundation
  • Severity: Critical
  • Base Score: 10.0

Log4j is a work environment for activity log in Apache that allows monitoring the activity in an application, and here to exploit the 0-day flaw an attacker had to send a piece of malicious code.

It forces Java-based applications and servers that use the Log4j library to log a specific line in their internal systems.

When an application or server processes such logs, a string can cause the vulnerable system to load and run a malicious script from the domain controlled by the attacker.

Affected Products & Projects

This 0-day vulnerability was originally discovered while searching for the bugs on the servers of Minecraft, but Log4j is present in almost all corporate applications and Java servers.

So, here we have mentioned below all the popular affected products and projects:-

  • Apache Struts
  • Apache Flink
  • Apache Druid
  • Apache Flume
  • Apache Solr
  • Apache Flink
  • Apache Kafka
  • Apache Dubbo
  • Redis
  • ElasticSearch
  • Elastic Logstash
  • Ghidra

Attackers Exploiting The Vulnerability

The 0day flaw, CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups parameter is set to false. Bitdefender said.

In Log4j 2.15.0 release this parameter is set to true, primarily to stop such attacks. 

In short, the Log4j users who have already upgraded to version 2.15.0 and then set the flag to false will again become vulnerable to these attacks, the users who have not updated the same will remain safe.

However, here the hackers exploit this 0-day vulnerability by deploying several botnets, miners, malware, and ransomware. That’s why here we have mentioned the deployments used by the hackers:-

  • Muhstik Botnet
  • XMRIG miner
  • Khonsari (New Ransomware family)
  • Orcus (Remote Access Trojan)

Mitigations

Here, the cybersecurity analysts have recommended users to follow some immediate steps to mitigate this 0-day vulnerability, and here they are mentioned below:-

  • To identify all systems that implement the Apache Log4j2 logging framework, conduct a comprehensive infrastructure and software application audit.
  • Make sure to review all your software bills of materials, and software supply chain.
  • Enforce defense-in-depth approach.
  • Actively monitor the infrastructure for potential exploitation attempts.

While apart from this, with this latest update (Apache Log4j 2.16.0 update) no additional risks are posed by this vulnerability to users.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cable: Powerful Post-Exploitation Toolkit for Active Directory Attacks

Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit...

Langflow AI Builder Vulnerability Allows Remote Server Takeover by Attackers

A critical security vulnerability has been discovered in the Langflow AI Builder, a popular...

Hackers Claim WooCommerce Breach Exposing 4.4 Million Customer Records

A hacker operating under the alias “Satanic” has claimed responsibility for a massive data...

TP-Link Smart Hub Flaw Exposes Users’ Wi-Fi Credentials

A critical vulnerability has been discovered in TP-Link’s Smart Hub, potentially exposing users’ Wi-Fi...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

AkiraBot Floods 80,000 Sites After Outsmarting CAPTCHAs and Slipping Past Network Defenses

AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats...

CatB Ransomware Abuses Microsoft Distributed Transaction Coordinator for Stealthy Payload Execution

The cybersecurity realm has encountered a formidable adversary with the emergence of CatB ransomware,...

Ransomware Groups Target Organizations to Exfiltrate Data and Blackmail via Leak Site Posts

Ransomware attacks have continued their relentless assault on organizations worldwide, with a focus on...