
Iranian hackers use Log4Shell to mine crypto on federal computer system

by admin


Hackers with ties to the Iranian government infiltrated a US government agency’s network in early 2022, leveraging well-known flaws in open-source software libraries to install cryptocurrency mining software and compromise credentials, a federal cybersecurity official said Wednesday.

By exploiting the Log4Shell vulnerability, Iranian-backed hackers infiltrated an unpatched VMware Horizon server in February, used that access to get inside an unidentified federal agency’s network and then moved laterally, according to a joint advisory released Wednesday by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation.

The Log4Shell vulnerability was discovered late last year, and security researchers warned at the time that it could be exploited for years to come. The vulnerability affects the open-source logging library Log4j, a nearly ubiquitous tool that developers have built into a wide variety of software.

Wednesday’s advisory, released nearly a year after Log4Shell’s discovery, shows how difficult it is to address software vulnerabilities in these widely deployed software packages.

Dan Lorenc, CEO and co-founder of Chainguard, a supply chain cybersecurity company, said in an email Wednesday: “It remains in every attacker’s toolbox and will continue to be used for gaining access or lateral movement in the near future.”

Following the disclosure of the Log4j flaw, CISA ordered agencies under its jurisdiction to conduct urgent patching operations and immediately began scanning for vulnerable systems targeted by state-sponsored hackers. Authorities have warned that such sprints to fix vulnerable systems are unlikely to catch every case where the vulnerable software is in use.

Organizations still running vulnerable versions of Log4j should assume they have been compromised, CISA and the FBI said in an advisory Wednesday.
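The advisory’s warning turns on one practical question for defenders: does any archive in the environment still carry a Log4Shell-era log4j-core? The script below is an added illustration, not code from the article, CISA or the Log4j project. It reads the version from the Maven `pom.properties` that log4j-core ships inside its JAR, checks whether the `JndiLookup` class (the code path behind Log4Shell) is still present, and recurses into nested JARs inside WAR/EAR files. The sample archives it builds are constructed in memory for demonstration; `FIXED_VERSION` is 2.15.0, the first release that fixed the original bug (later releases addressed follow-on issues, so anything below the current release should still be upgraded).

```python
import io
import os
import re
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Maven metadata that log4j-core ships inside its own JAR; the version string lives here.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The lookup class that performs JNDI resolution; removing it was CISA's stopgap mitigation.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# First log4j 2.x release fixing the original Log4Shell bug (assumption: compare against this floor).
FIXED_VERSION: Tuple[int, int, int] = (2, 15, 0)
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4  # guard against pathological archive nesting


@dataclass
class Finding:
    location: str            # outer.war!WEB-INF/lib/inner.jar style path
    version: Optional[str]   # raw version string from pom.properties, if found
    jndi_lookup_present: bool
    vulnerable: bool


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '2.14.1' or '2.0-beta9' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return (0, 0, 0)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(version: Optional[str], jndi_present: bool) -> bool:
    # No JndiLookup class: the Log4Shell code path has been removed from this archive.
    if not jndi_present:
        return False
    # Lookup class present but version unknown: be conservative and flag it for review.
    if version is None:
        return True
    return parse_version(version) < FIXED_VERSION


def _pom_version(raw: bytes) -> Optional[str]:
    for line in raw.decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def assess_archive(data: bytes, location: str, depth: int = 0) -> List[Finding]:
    """Inspect one archive (given as bytes) and any archives nested inside it."""
    findings: List[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container; nothing to inspect
    names = set(zf.namelist())
    version = _pom_version(zf.read(POM_PROPERTIES)) if POM_PROPERTIES in names else None
    jndi = JNDI_LOOKUP_CLASS in names
    if version is not None or jndi:
        findings.append(Finding(location, version, jndi, is_vulnerable(version, jndi)))
    if depth < MAX_DEPTH:
        for name in sorted(names):
            if name.lower().endswith(NESTED_SUFFIXES):
                findings.extend(assess_archive(zf.read(name), f"{location}!{name}", depth + 1))
    return findings


def scan_directory(root: str) -> List[Finding]:
    """Walk a filesystem tree and assess every archive found in it."""
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(NESTED_SUFFIXES):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    findings.extend(assess_archive(fh.read(), path))
    return findings


def build_sample_jar(version: str, include_jndi_lookup: bool, wrap_in_war: bool = False) -> bytes:
    """Constructed test fixture: a minimal log4j-core-like JAR, optionally wrapped in a WAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    jar = buf.getvalue()
    if not wrap_in_war:
        return jar
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as war:
        war.writestr(f"WEB-INF/lib/log4j-core-{version}.jar", jar)
    return outer.getvalue()


if __name__ == "__main__":
    for f in assess_archive(build_sample_jar("2.14.1", True, wrap_in_war=True), "app.war"):
        print(f)
```

Run `scan_directory("/path/to/deployments")` against a real tree and triage any `vulnerable=True` finding: the upgrade, not the class removal, is the durable fix, and a finding with `version=None` means the archive needs a closer look rather than a clean bill of health.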

Iranian hacking groups have relied on unpatched versions of Log4j to gain access to various sensitive US systems. In February, Iranian hackers reportedly used the vulnerability to gain access to the computer systems of a US aerospace company and a local government, according to a September advisory from US and allied cybersecurity agencies. That advisory attributed the activity to a group with ties to Iran’s Islamic Revolutionary Guard Corps.

Wednesday’s advisory did not name the group within Iran believed to be responsible for the breach, referring only to “Iranian government-backed APT actors”; the acronym stands for “advanced persistent threat” and usually refers to state-sponsored or highly resourced activity. According to the advisory, the attackers exploited the Log4Shell vulnerability and relied on widely available software to carry out their operations, including the XMRig cryptocurrency miner, PsExec, Mimikatz and Ngrok.

Hackers acting on behalf of the Iranian government have sometimes been accused of traditional cybercriminal activities such as ransomware attacks, “blurring the line between electronic crime and espionage,” researchers told CyberScoop in September. Wednesday’s advisory may describe another instance of hacking groups (perhaps operating at arm’s length from the government) mixing espionage with cybercrime.
