Researchers Uncover First Use Of Log4Shell Flaw In Attack

December 17, 2021

BitDefender recently discovered the first ransomware family installed directly through Log4Shell exploits. In their statement, the researchers pointed out that the exploit downloads a Java class, which is loaded and executed by the Log4j application.

After it was loaded, it would download a .NET binary from the same server to install new ransomware known as Khonsari.

While the name appears as an extension for encrypted files, it is also used in the ransom note. Since a public exploit was released for Log4Shell, attackers have been scrambling to exploit the vulnerability.

The vulnerability allows attackers to easily identify vulnerable devices or execute code supplied by a remote site.

Giving details on the Khonsari ransomware, Michael Gillespie explained that Khonsari uses valid encryption and is secure.

However, an irregularity observed in its ransom note does not offer room for how to reach the threat actor. This suggests that Khonsari may not be ransomware, but instead a wiper.

For more information, read the original story in BleepingComputer.

Researchers Uncover First Use Of Log4Shell Flaw In Attack

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered