Friday, April 19, 2024

Hackers Exploiting Log4j2 Vulnerability in The Wild To Deploy Ransomware

An emergency security update has been released recently by the Apache Software Foundation to fix a 0-day vulnerability in the popular Log4j logging library.

This 0-day vulnerability in Log4j was exploited by the threat actors to deploy ransomware.

The Log4j is a Java library that is widely used in business systems and web applications. The cybersecurity experts have tracked this 0-day vulnerability as CVE-2021-44228 and with the 2.15.0 release, the patch was released.

Flaw profile

This 0-day vulnerability was named as Log4Shell and achieved a score of 10 out of 10 points on the CVSS vulnerability rating scale.

This 0-day allows attackers to execute arbitrary code remotely since it’s an RCE.

  • CVE ID: CVE-2021-44228
  • Flaw Name: Log4Shell
  • Published Date: 12/10/2021
  • Last Modified: 12/14/2021
  • Source: Apache Software Foundation
  • Severity: Critical
  • Base Score: 10.0

Log4j is a work environment for activity log in Apache that allows monitoring the activity in an application, and here to exploit the 0-day flaw an attacker had to send a piece of malicious code.

It forces Java-based applications and servers that use the Log4j library to log a specific line in their internal systems.

When an application or server processes such logs, a string can cause the vulnerable system to load and run a malicious script from the domain controlled by the attacker.

Affected Products & Projects

This 0-day vulnerability was originally discovered while searching for the bugs on the servers of Minecraft, but Log4j is present in almost all corporate applications and Java servers.

So, here we have mentioned below all the popular affected products and projects:-

  • Apache Struts
  • Apache Flink
  • Apache Druid
  • Apache Flume
  • Apache Solr
  • Apache Flink
  • Apache Kafka
  • Apache Dubbo
  • Redis
  • ElasticSearch
  • Elastic Logstash
  • Ghidra

Attackers Exploiting The Vulnerability

The 0day flaw, CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups parameter is set to false. Bitdefender said.

In Log4j 2.15.0 release this parameter is set to true, primarily to stop such attacks. 

In short, the Log4j users who have already upgraded to version 2.15.0 and then set the flag to false will again become vulnerable to these attacks, the users who have not updated the same will remain safe.

However, here the hackers exploit this 0-day vulnerability by deploying several botnets, miners, malware, and ransomware. That’s why here we have mentioned the deployments used by the hackers:-

  • Muhstik Botnet
  • XMRIG miner
  • Khonsari (New Ransomware family)
  • Orcus (Remote Access Trojan)


Here, the cybersecurity analysts have recommended users to follow some immediate steps to mitigate this 0-day vulnerability, and here they are mentioned below:-

  • To identify all systems that implement the Apache Log4j2 logging framework, conduct a comprehensive infrastructure and software application audit.
  • Make sure to review all your software bills of materials, and software supply chain.
  • Enforce defense-in-depth approach.
  • Actively monitor the infrastructure for potential exploitation attempts.

While apart from this, with this latest update (Apache Log4j 2.16.0 update) no additional risks are posed by this vulnerability to users.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles