Researchers Uncover First Use Of Log4Shell Flaw In Attack

December 17, 2021

BitDefender recently discovered the first ransomware family installed directly through Log4Shell exploits. In their statement, the researchers pointed out that the exploit downloads a Java class, which is loaded and executed by the Log4j application.

After it was loaded, it would download a .NET binary from the same server to install new ransomware known as Khonsari.

While the name appears as an extension for encrypted files, it is also used in the ransom note. Since a public exploit was released for Log4Shell, attackers have been scrambling to exploit the vulnerability.

The vulnerability allows attackers to easily identify vulnerable devices or execute code supplied by a remote site.

Giving details on the Khonsari ransomware, Michael Gillespie explained that Khonsari uses valid encryption and is secure.

However, an irregularity observed in its ransom note does not offer room for how to reach the threat actor. This suggests that Khonsari may not be ransomware, but instead a wiper.

For more information, read the original story in BleepingComputer.

Researchers Uncover First Use Of Log4Shell Flaw In Attack

Top Stories

Meta faces backlash after facial recognition code found in smart glasses app

Apple reportedly taps Google Gemini and Nvidia Blackwell Chips for new Siri

Researchers warn AI coding agents can be manipulated through hidden skill files

Amazon shuts down internal AI leaderboard after employees found ways to game the system

Google CEO pushes back on ‘Google Zero’ fears

Tesla insiders say they wouldn’t trust Full Self-Driving

Related Articles

New ‘HTTP/2 Bomb’ attack can crash major web servers from a single computer

CISA exposed internal passwords and cloud keys in public repository

Canvas restores service after cyberattack disrupted schools and universities

Security researcher finds extensive tracking and security concerns inside White House mobile app

TND News Desk

TND News Desk

Jim Love