"Microsoft: Nation-state Iranian hackers exploit Log4Shell against Israel"

According to new research, the Iranian hacker group MuddyWater, which is allegedly linked to the country's state intelligence service, is still exploiting the Log4j vulnerability to gain access to corporate networks in Israel during the two countries' ongoing proxy war. A report recently released by Microsoft reveals that the threat actor, also known as Mercury, has targeted vulnerabilities in SysAid, a popular IT management software used by many Israeli organizations. According to US Cyber Command (USCYBERCOM), the group is affiliated with the Iranian Ministry of Intelligence and Security. In December it targeted telecommunications and IT service providers in the Middle East and Asia.

MuddyWater's new attack, discovered by Microsoft in late July, is yet another instance of a state-sponsored operation exploiting Log4Shell, a vulnerability in the Java logging library Log4j, which is used to add logging capabilities to web and desktop applications. Microsoft has found nation-state groups from China, Iran, North Korea, and Turkey abusing Log4Shell to gain access to targeted networks. MuddyWater, for example, previously used the Log4j flaw against vulnerable VMware applications, which have since been patched.

In the new campaign, the group exploited the Log4j flaw to gain initial access to unpatched SysAid systems before deploying a malicious script and other components. The hackers created a new user account and granted it local administrator privileges. They also placed malware in startup folders so that their access persisted even if the victim rebooted the system. Using the open-source tool Mimikatz, the hackers stole user credentials.

Microsoft advises SysAid users to apply security patches and update affected products and services. SysAid released Log4j patches for its products a month after the bug was discovered by an employee of the Chinese tech giant Alibaba. Microsoft has also released indicators of compromise (IOCs), allowing organizations to determine whether those indicators are present in their systems.
This article continues to discuss the MuddyWater hacker group's exploitation of the Log4j vulnerability in attacks against Israel.

The Record reports "Microsoft: Nation-state Iranian hackers exploit Log4Shell against Israel"
