The company warned that nation-state hacking groups had tried to exploit the Log4j 2 flaw by eavesdropping on Tuesday. Their activites include experimenting with the bug and extorting the flaw to extract from victims’ payloads. According to Microsoft, an Iranian hacking group, dubbed Phosphorus or Charming Kitten, was exploiting Log4j 2 to spread ransomware. A group from China known as Hafnium has been established leveraging its vulnerability to help target potential victims. In these attacks, Hafnium-associated systems were monitored using a DNS service, commonly called a DNS service, when the system passed fingerprint sensors, Microsoft said. This vulnerability makes the alarm sound. Apaches log4j2 is used worldwide to log changes in a software or web application. A hacker can turn off the network in an effort to steal data or run a malicious program. As for the problem, the issue isn’t easy to solve, but it’s not easy to fix the problem with only a few clues. The report from Microsoft emphasizes the need for the entire tech industry to fix the flaw before it happens. The company wasn’t able to identify the state-sponsored hacking groups from Korea or Turkey. Microsoft added that other cybercriminal groups, called access brokers, have been spotted exploiting Log4j 2. to gain a foothold into networks. These brokers sell these networks to ransomware-as-a-service affiliates. We noticed that these groups are attempting to exploit Linux and Windows systems, but this could lead to an increase in human-operated ransomware to both of these operating system platforms. Other cybersecurity companies, including Mandiant, have also detected the state-sponsored hacking groups from China and Iran targeting the flaw. We anticipate that other state actors are doing so as well or are preparing to, said John Hultquist, VP of Intelligence Analysis. We believe that these actors work quickly to build new-generation networks for future activities, which may last a long time.
