Monday, May 20, 2024

Chinese Hackers Exploit Academic Institution using Log4J Vulnerability

Chinese Hackers Target Academic Institution

A never-before-seen Chinese based focused intrusion adversary, dubbed, “Aquatic Panda” has been found leveraging security flaws in the Apache Log4j logging library.

The Log4J vulnerability was used as an access vector to carry out post-exploitation operations and credentials sniffing.
Cybersecurity organization CrowdStrike stated the infiltration, which turned into in the end foiled, turned into geared toward an unnamed “huge educational institution.”

The state-subsidized institution is thought to have been running since mid-2020 in pursuit of intelligence series and business espionage, with its assaults frequently directed towards groups withinside the telecommunications, technology, and authorities sectors.

The attempted intrusion exploited the newly discovered Log4Shell flaw (CVE-2021-44228, CVSS score: 10.0) to gain access to a vulnerable instance of the VMware Horizon desktop and app virtualization product, followed by running a series of malicious commands orchestrated to fetch threat actor payloads hosted on a remote server.

chinese hackers exploit

“A modified version of the Log4j exploit was likely used during the course of the threat actor’s operations,” the researchers noted, adding it involved the use of an exploit that was published in GitHub on December 13, 2021.

Aquatic Panda’s malicious behaviour went beyond conducting reconnaissance of the compromised host, starting with making an effort to stop a third-party endpoint detection and response (EDR) service, before proceeding to retrieve next-stage payloads designed to obtain a reverse shell and harvest credentials.

After the organization was alerted to the incident, the entity was able to quickly implement its incident response protocol. Which involved patching the vulnerable application and preventing further threat actor activity on the host.

Recommended:  Email hijackers con businesses out of food as well as money

In light of the attack’s successful disruption, the exact intent remains unknown.


What is Endpoint Security?

Endpoint security is the practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns. Endpoint security systems protect these endpoints on a network or in the cloud from cybersecurity threats. Endpoint security has evolved from traditional antivirus software to providing comprehensive protection from sophisticated malware and evolving zero-day threats.

ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates