China-backed hackers have been spotted exploiting a security flaw in Internet software.
According to Microsoft, cyber groups affiliated to China and Iran have launched assaults using the Log4j weakness.
It’s one of the most serious cybersecurity risks to emerge in years, according to researchers, and it might allow for devastating strikes.
According to cybersecurity firms and Microsoft Corp., hackers linked to China and other countries are among an increasing number of cyberattackers attempting to exploit a widespread and severe weakness in computer server software.
Cybersecurity researchers say it is one of the most dire cybersecurity threats to emerge in years and could enable devastating attacks, including ransomware, in both the immediate and distant future. Government-sponsored hackers are often among the best-resourced and most capable, analysts say.
The involvement of hackers whom analysts have linked to nation-states underscored the increasing gravity of the flaw in Log4j software, a free bit of code that logs activity in computer networks and applications.
“The effects of this vulnerability will reverberate for months to come—maybe even years—as we try to close these doors and try to hunt down all the actors who made their way in,” said John Hultquist, vice president of intelligence analysis at the U.S.-based cybersecurity firm Mandiant Inc.
Both Microsoft and Mandiant said they have observed hacking groups linked to China and Iran launching attacks that exploit the flaw in Log4j. In an update to its website posted late Tuesday, Microsoft said that it had also seen nation-backed hackers from North Korea and Turkey using the attack. Some attackers appear to be experimenting with the attack; others are trying to use it to break into online targets, Microsoft said.
One of the groups exploiting the security hole in Log4j is the same China-backed group that was linked to a widespread attack on Microsoft Exchange servers earlier this year, Microsoft said. In July, the Biden administration blamed China for the Microsoft Exchange attack and said it had high confidence hackers tied to the Ministry of State Security were behind it. Dozens of other countries also blamed Beijing, which has denied involvement in the hacking. A spokesman for the Chinese Embassy in Washington said Wednesday that Beijing opposes “cyberattacks of any kind” and highlighted that the Log4j vulnerability was first reported by a security team in China.
Security researchers have seen no signs to date, however, that China or another nation-state hacking group is attempting widespread exploitation of the Log4j issue on the same scale as the Microsoft Exchange attacks, which infected hundreds of thousands of servers across the globe.
- China-backed hackers have been detected exploiting a security flaw in Internet software
- Check all news and articles from the latest Security news updates.