Hackers associated with the governments of China, Iran, North Korea and Turkey have been trying to find ways to leverage the Apache Log4j vulnerability, Microsoft’s Threat Intelligence Team said Tuesday. The notice came the same day a top U.S. government cyber official said that the Cybersecurity and Infrastructure Security Agency hasn’t seen any U.S. federal agencies targeted with the exploit, but that the government is still fearful of attacks. Hundreds of millions of devices are potentially at risk, an agency official previously said. Microsoft’s notice said its analysts had observed “multiple” known state-associated hacking groups working with the vulnerability, with activity ranging from experimentation to integration in active campaigns to exploitation of targets. The flaw is so severe, computer security specialists have warned, that a successful attack could result in the takeover of an affected system. An Iranian group Microsoft calls “Phosphorus” — known alternatively as “Charming Kitten” — that […]
The post Nation-state hackers aim to exploit Log4j software flaw, Microsoft warns appeared first on CyberScoop.
Continue reading Nation-state hackers aim to exploit Log4j software flaw, Microsoft warns→