Published On: December 20, 2021 | Categories: NEWS

(NCRI) and (PMOI / MEK Iran): State hackers are attempting to exploit Log4shell, according to the Microsoft security team, which monitors and analyses hacker organizations.

 

It’s one of the most widespread security flaws ever discovered on the Internet, and more and more hackers are attempting to exploit it. State-sponsored attackers are also attempting to profit from the Log4shell vulnerability, which stunned IT professionals around the world over the weekend. This is what IT security companies report. Check Point, an IT security firm, counted the attack attempts: 40,000 on Saturday, twelve hours after the vulnerability was discovered, and more than 800,000 after 72 hours. Check Point refers to a “cyber pandemic” because of this explosive growth.

 

The mullahs’ regime secretly installs ransomware

State hackers are attempting to exploit Log4shell, according to the Microsoft security team, which monitors and analyses hacker organizations. According to Microsoft, Log4shell is being used by Chinese, Iranian, North Korean, and Turkish state groups. They attempted to modify the attack mechanism for the vulnerability, which has been known since last week, and to combine it with existing malware for their own purposes. In this way, unauthorized users could remotely take control of machines.

The Iranian group, nicknamed Phosphorus by Microsoft, exploited the flaw to secretly install ransomware on target devices. This type of software encrypts data on victims’ computers, leaving them unusable. It’s frequently used to extract ransom from ‘shackled’ businesses and organizations. The gang, according to analysts, utilizes ransomware to either gain money or harm its targets. Log4shell is also being used by the Chinese outfit Hafnium to target software infrastructure. Through the vulnerability, other entities have gained access to networks and are now selling access to ransomware hackers. Mandiant, an IT security firm, also claims to have discovered Iranian and Chinese state hackers using Log4shell.

 


 

Armies of hijacked computers linked together by criminals

However, according to Microsoft, “mass scans” account for the majority of Log4Shell activity: attackers “feel their way” through the Internet hunting for vulnerable machines. This technique is also used by botnets, which are armies of hijacked computers linked together by criminals. Some of the scans measured, on the other hand, can likely be attributed to IT security experts who wish to defend devices rather than take them over. Hackers installed so-called cryptocurrency miners on their victims’ computers over the weekend. The attackers aim to exploit the machines’ processing power to mine cryptocurrency in secret for their own use. Both Windows and Linux systems are vulnerable.

The Apache Software Foundation, which maintains Log4j, has released a security upgrade to address the issue. Meanwhile, the US cybersecurity agency has set a deadline. Federal agencies were advised to download the updated software by Christmas.

 


 

The mullahs’ regime this time aimed at telecommunication

The foundation’s initial update, however, did not completely protect systems. Log4j version 2.15.0 had a flaw that attackers could exploit to bring the software to a halt. This is now closed with the latest release, 2.16.0. Anyone who manages servers on the network should act right away.

In recent weeks, security researchers have discovered another state-sponsored hacking effort by the Iranian government, this time aimed at telecommunication and IT service providers in the Middle East and Asia.

The effort has been ongoing for the previous six months, and there are possible ties to MERCURY, an Iranian-backed actor. Symantec’s Threat Hunter Team reported this. The data came from recent attacks on Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos.

 
