Chinese-Backed Hackers Are Exploiting One Of The ‘Most Pervasive’ Cybersecurity Flaws

Ailan Evans, Deputy Editor, Daily Caller News Foundation

Hackers backed by China are using a recently discovered vulnerability in a common software tool to gain access to data and systems belonging to internet infrastructure companies.

The vulnerability, known as Log4Shell, was discovered by Chinese cybersecurity researchers from Alibaba last week and is found in an open-source software tool called Log4j, which is used by enterprise software companies and cloud infrastructure providers. If exploited, the flaw allows hackers to gain access to a company’s data and internal networks.

Hackers backed by foreign governments, including China, are exploiting the vulnerability to attack internet infrastructure, according to cybersecurity firms and researchers.

“As of the publish date of this blog post, we have uncovered evidence of exploitation by China and Iranian state actors,” researchers from cybersecurity firm Mandiant wrote late Wednesday.

The researchers said the vulnerability “is one of the most pervasive security vulnerabilities that organizations have had to deal with over the past decade” as it is “used by applications and systems deployed across organizations of all sizes.”

Microsoft issued a report Wednesday claiming to have detected the “vulnerability being used by multiple tracked nation-state activity groups originating from China, Iran, North Korea, and Turkey.”

“This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment, and exploitation against targets to achieve the actor’s objectives,” the report said.

The company identified one particular Chinese hacker syndicate, HAFNIUM, as using the Log4j flaw to attack internet infrastructure.

“In these attacks, HAFNIUM-associated systems were observed using a DNS service typically associated with testing activity to fingerprint systems,” Microsoft said.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a notice to critical infrastructure companies warning them of the Log4j vulnerability and urging them to take appropriate security actions.

“We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” head of CISA, Jen Easterly, told leaders of critical infrastructure companies, according to CyberScoop.

Easterly added that the vulnerability “is one of the most serious I’ve seen in my entire career, if not the most serious.”
