Hackers Backed by China Seen Exploiting Security Flaw in Internet Software
A security flaw in the widely used open-source software known as Apache Struts has been exploited by hackers, and it is believed that China’s government is behind the attacks. Experts say this attack could have been avoided had patches for previous vulnerabilities not been so readily available.
Hackers backed by China have been seen exploiting a security flaw in internet software. The vulnerability has been used to gain access to sensitive information from companies such as Microsoft, Adobe, and Symantec.
According to cybersecurity companies and Microsoft Corp., hackers connected to China and other countries are among an increasing number of cyberattackers attempting to exploit a widespread and serious weakness in computer server software.
The presence of hackers affiliated with nation-states increased the severity of the vulnerability in Log4j software, a free piece of code that tracks activity in computer networks and applications.
According to cybersecurity experts, it is one of the most serious cybersecurity dangers to emerge in years, with the potential to allow catastrophic assaults, such as ransomware, in the near and far future. According to researchers, government-sponsored hackers are often among the best-resourced and most talented.
“As we strive to seal these doors and track down all the actors that found their way in, the repercussions of this vulnerability will resonate for months, if not years,” said John Hultquist, vice president of intelligence analysis at Mandiant Inc., a cybersecurity company located in the United States.
Hacking organizations connected to China and Iran have launched assaults using the Log4j weakness, according to Microsoft and Mandiant. Microsoft said in a late Tuesday update to its website that the assault had also been used by state-sponsored hackers from North Korea and Turkey. According to Microsoft, some attackers seem to be experimenting with the assault, while others are attempting to exploit it to breach into internet sites.
According to Microsoft, one of the parties exploiting Log4j’s security flaw is the same China-backed gang that was tied to a major assault on Microsoft Exchange servers earlier this year. The Biden administration blamed China for the Microsoft Exchange assault in July, saying it was certain that hackers linked to the Ministry of State Security were responsible. Beijing was also implicated by dozens of other nations, despite the fact that Beijing has denied any role in the hacking.
Beijing condemns “cyberattacks of any type,” according to a spokeswoman for the Chinese Embassy in Washington, who also noted that the Log4j vulnerability was initially disclosed by a Chinese security team.
To date, security experts have found no evidence that China or any nation-state hacking outfit is attempting a large-scale exploitation of the Log4j vulnerability on the magnitude of the Microsoft Exchange assaults, which affected hundreds of thousands of servers throughout the world.
Officials from the United States indicated this week that opposing nations would inevitably try to exploit the security flaw, but that they hadn’t yet detected particular foreign parties doing so. The US government is sometimes slower than corporations like Mandiant and Microsoft in officially attributing cyberattacks to foreign countries.
According to security analysts, many other hackers are attempting to sneak into systems that are exposed to the issue in order to explore for weak servers or install bitcoin mining software, botnet code, and other types of harmful malware.
According to analysts, ransomware gangs are also utilizing the assault, increasing worries of more disruptive intrusions in the future. According to Microsoft, an Iran-backed hacker organization has been “deploying ransomware, obtaining, and modifying the Log4j vulnerability.” The assault has also been noticed by “access brokers,” hackers who break into firms and then sell that access to other criminals, who subsequently install ransomware, a kind of malware that encrypts a victim’s data and demands money to unlock it.
By Tuesday evening, Check Point Software Technologies Ltd. had identified over 600,000 attempts by hostile hackers to exploit the Log4j issue. According to the business, almost 44% of corporate networks throughout the globe have been hacked.
“A broad spectrum of threat activities has been seen. It’s mostly been low-level activities like cryptomining, but we anticipate adversaries of all kinds to use this weakness to accomplish their strategic objectives,” said Eric Goldstein, executive assistant director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Mr. Goldstein told reporters Tuesday evening that CISA is unaware of a government entity that has been hacked using the Log4j weakness. The EPA has set a deadline of Dec. 24 for federal entities to patch software to address the Log4j vulnerability.
The Log4j issue is especially concerning to researchers since the free Java-based software is utilized in a wide variety of goods. It may be found in a variety of applications, including security software, networking tools, and gaming servers. The actual number of Log4j users is unknown, but the program has been downloaded millions of times, according to the Apache Software Foundation, which developed it.
According to security experts, the attack is reliable and easy to exploit. Despite the fact that downloadable updates have already been made available, experts and US authorities believe the weakness will continue to be a concern for the foreseeable future because some firms will be hesitant or unwilling to upgrade their systems.
“It’s surprising it hasn’t spread more widely,” said Adam Meyers, senior vice president of intelligence at CrowdStrike, a cybersecurity company located in the United States that claimed it has discovered Iranian attackers using the Log4j issue. “Everyone is asking himself, ‘What aren’t we seeing?’”
Amplifications and corrections: Microsoft said in a late Tuesday update to its website that the assault had also been used by state-sponsored hackers from North Korea and Turkey. The date on which Microsoft changed its website was incorrect in a previous version of this story. (This was corrected on December 15, 2021.)
Robert McMillan and Dustin Volz may be reached at Robert.Mcmillan@wsj.com and firstname.lastname@example.org, respectively.
Copyright 2021 Dow Jones & Company, Inc. All Rights Reserved.