"Log4Shell Exploits Now Used Mostly for DDoS Botnets, Cryptominers"

Threat actors are still exploiting the Log4Shell vulnerabilities in the widely used Log4j software to add devices to Distributed Denial-of-Service (DDoS) botnets and plant cryptomining malware. According to a report from Barracuda, the volume of attempts to exploit Log4Shell vulnerabilities has remained relatively constant. The analysis of attacks involving the exploitation of these vulnerabilities showed that most exploitation attempts were made by malicious actors in the US, Japan, central Europe, and Russia. The operators of the Mirai botnet have exploited Log4Shell vulnerabilities. The Mirai malware targets publicly exposed network cameras, routers, and other devices and then recruits them into a botnet composed of remotely controlled bots. The threat actor controls the botnet to execute DDoS attacks against targets, draining their resources and disrupting their online services. Barracuda's report explains that Mirai is distributed in different forms from various sources, meaning the operators are trying to build a large botnet that attacks victims of all sizes. The threat actors behind these operations are said to be renting their botnet firepower to others or performing DDoS attacks themselves to extort target companies. Other payloads dropped through the exploitation of Log4Shell vulnerabilities include BillGates malware, Kinsing, XMRig, and Muhstik. This article discusses the continued exploitation of Log4Shell vulnerabilities to build DDoS botnets and deliver cryptomining malware.

Bleeping Computer reports "Log4Shell Exploits Now Used Mostly for DDoS Botnets, Cryptominers"

 

 

Submitted by Anonymous on