Researchers Uncover First Use Of Log4Shell Flaw In Attack

Share post:

BitDefender recently discovered the first ransomware family installed directly through Log4Shell exploits. In their statement, the researchers pointed out that the exploit downloads a Java class, which is loaded and executed by the Log4j application.

After it was loaded, it would download a .NET binary from the same server to install new ransomware known as Khonsari.

While the name appears as an extension for encrypted files, it is also used in the ransom note. Since a public exploit was released for Log4Shell, attackers have been scrambling to exploit the vulnerability.

The vulnerability allows attackers to easily identify vulnerable devices or execute code supplied by a remote site.

Giving details on the Khonsari ransomware, Michael Gillespie explained that Khonsari uses valid encryption and is secure.

However, an irregularity observed in its ransom note does not offer room for how to reach the threat actor. This suggests that Khonsari may not be ransomware, but instead a wiper.

For more information, read the original story in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways