Date: 2021-12-16

Hackers associated with the governments of China, Iran, North Korea, and Turkey have moved to exploit a critical flaw in the software used by major internet companies throughout the world, Microsoft warned on December 14. Experimentation with the vulnerability, integration into existing hacking tools, and "exploitation against targets to achieve the actor's objectives" are among the activities carried out by foreign hacking groups, Microsoft stated in a blog post. Microsoft did not specify which firms are being targeted by the hackers.

According to Microsoft and other security organisations, the Iranian hacking gang that exploited the vulnerability has a history of delivering ransomware. The Chinese outfit was also behind a cyber attack against Microsoft Exchange email software earlier this year, which the White House slammed as irresponsible. Microsoft joined a chorus of other major cybersecurity businesses in warning that the vulnerability was being exploited by suspected foreign espionage outfits.

'We have observed these groups attempting exploitation on both Linux & Windows systems'

Microsoft stated that "these access brokers then sell access to these networks to ransomware-as-a-service affiliates. We have observed these groups attempting exploitation on both Linux and Windows systems, which may lead to an increase in human-operated ransomware impact on both of these operating system platforms."

In a second article, Microsoft added that its security teams have been investigating its products and services to identify where Apache Log4j may be used and are taking rapid action to mitigate such instances. To address the issues revealed in Log4j, Apache has released two security updates. The software library is widely used in consumer and commercial apps, services, and websites to track security and performance statistics in programmes written in the cross-platform Java programming language.

Those security updates are meant to be applied by software makers. Once those changes have been made, end-users should keep an eye out for software updates from those manufacturers. Given the severity of the vulnerabilities and the likelihood of increased exploitation by sophisticated cyber threat actors, the US Cybersecurity & Infrastructure Agency advises software vendors who use Log4j in their products to apply the patches as soon as possible and to inform their users to prioritise software updates.

(With inputs from agencies)
