Microsoft: Nation-state Iranian hackers exploit Log4Shell against Israel

Iranian hacker group MuddyWater, allegedly linked to the country's state intelligence service, continues to exploit the Log4j vulnerability to gain access to corporate networks in Israel amid an ongoing proxy war between the two countries, according to new research.

The threat actor, which is also known as Mercury, has targeted vulnerabilities in SysAid, a popular IT management software used by many Israeli organizations, according to a report published by Microsoft on Thursday.

Cyber Command said earlier this year that the group is affiliated with the Iranian Ministry of Intelligence and Security. In December, the group targeted telecommunication and IT service providers in the Middle East and Asia.

MuddyWater's new attack, detected by Microsoft in late July, is another example of state-sponsored operations exploiting Log4Shell, a vulnerability in the Java library Log4j used to add logging capabilities to web and desktop applications.

Earlier in December, Microsoft discovered that nation-state groups from China, Iran, North Korea, and Turkey were abusing Log4Shell to gain access to targeted networks. MuddyWater, for instance, used flaws in Log4j to exploit vulnerabilities in VMware apps, which were eventually patched.

Looking for an alternative, Iranian hackers have turned to SysAid, another attractive target as it is used by numerous organizations in Israel, according to Microsoft.

The group used Log4j flaws to gain initial access to unpatched SysAid systems and dropped an infected script, a web shell, to run malicious commands. The hackers then added a new user and elevated its privilege to a local administrator.

According to Microsoft, the hackers stole user credentials by leveraging the open-source application Mimikatz. They also added malware to startup folders to ensure access even if the victim rebooted their system.

Microsoft urged organizations using SysAid to apply security patches and update affected products and services.