Security researchers recently stunned the world with the Log4Shell hack, revealing that the entire internet is scrambling to patch a vulnerability in a widely used Java utility that many companies employ in their servers. Also known as the Log4j hack, the security issue allows hackers to get into computer systems without a password. We saw the first proof of concept in Minecraft, where hackers used text messages to control a computer remotely.
Unlike other massive security breaches, the fix for Log4j isn’t simple, and end-users can’t do anything about it themselves. It’s up to companies to patch the vulnerability. And each provider of an internet product will have to ensure that Log4j attacks can’t breach their servers. Researchers have now discovered that nation-state hackers from China, Iran, and North Korea are already looking into exploiting the scary vulnerability.
Unpatched Log4j servers would allow hackers to breach computer systems and perform all sorts of malicious activities. Security companies have said that hackers could steal information once inside a server system. They could install other programs remotely, with some attackers deploying crypto-mining tools via the Log4j vulnerability.
But nation-states could mount significantly larger campaigns, especially the kind of attackers that routinely appear in cybersecurity briefings. A new report in The Wall Street Journal mentions some of the countries that are looking to exploit Log4j.
Nation-state hackers targeting Log4j
The list includes China, Iran, North Korea, and Turkey. Surprisingly, Russia doesn’t appear in these early Log4j security reports.
The data doesn’t come from the US government, but rather private firms. Microsoft and Mandiant have already observed hacking groups that were previously linked to China and Iran targeting Log4j. Microsoft also identified nation-backed hackers from North Korea and Turkey.
The company said that some hackers are just experimenting with Log4j. Others are trying to break in.
One of the groups exploiting the new Java hack is the same China-backed team that Microsoft linked to the Exchange servers hack earlier this year. The Biden administration and other governments blamed China for that massive hack, although Beijing denied involvement in the attack.
Hackers affiliated with Iran are apparently already trying to deploy ransomware using Log4j. They’re also looking into making modifications to the exploit. Other hackers act as “access brokers,” looking to sell access to companies to other attackers.
But The Journal also explains that security researchers have not seen any signs suggesting that China or other nation-states are looking to deploy widespread Log4j attacks. Nation-state actors aside, Check Point had counted as many as 600,000 attempts to exploit Log4j. This indicates that hackers big and small are trying to make the most of a security issue that might take a long time to fix.