Iranian hackers leveraged Log4Shell to penetrate US federal agency

Threat Level
Attack Report

Summary

Iranian APT activity was detected on the networks of federal agencies. The intruders used an exploit targeting Log4Shell (CVE-2021-44228) to install XMRig crypto-mining software on an unpatched VMware Horizon server. Because of similarities in the tools used and the attack chain, the Hive Pro Threat Research team has linked the activity to the Iranian state-sponsored actor Fox Kitten.