
Microsoft: Hackers in China, Iran and elsewhere start exploiting widespread Apache Log4j flaws



Microsoft says groups connected to governments in China, Iran, North Korea and Turkey have begun exploiting vulnerabilities in the Apache Software Foundation’s widely used open-source Log4j software library.

Hackers can use the software flaws to gain control of compromised computers and systems. Microsoft has detected initial activity by government-affiliated groups ranging from experimentation to active exploitation of the vulnerabilities, the company said Tuesday in an updated post about the issue.

Others are using the flaws to gain initial access for ransomware attacks.

“These access brokers then sell access to these networks to ransomware-as-a-service affiliates,” Microsoft said. “We have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms.”

Microsoft’s security teams “have been analyzing our products and services to understand where Apache Log4j may be used and are taking expedited steps to mitigate any instances,” the company said in a separate post.

Apache has released two security updates to address the flaws discovered in Log4j. The software library is widely used to track security and performance information in programs developed in the cross-platform Java programming language, commonly used in consumer and enterprise apps, services, and websites.

Those security updates are designed for software vendors to apply. End users should then be on the lookout for software updates from those vendors once they’ve made the updates.

The U.S. Cybersecurity & Infrastructure Agency says software vendors who use Log4j in their products should apply the patches as soon as possible and inform their users to prioritize software updates, given “the severity of the vulnerabilities and the likelihood of an increase in exploitation by sophisticated cyber threat actors.”
