Log4Shell Exploit Used in Cox Media Group Ransomware Attack Attributed to Iranian Hackers
In June of last year, Cox Media Group (CMG) IT systems and live streams were the targets of a ransomware attack. The Microsoft Threat Intelligence Center (MSTIC) has attributed the attack to an Iranian threat actor, codenamed DEV-0270, a group linked to multiple intrusions of US companies. It has been determined that the attackers achieved access to and had been active on the CMG systems since May of 2021.
The attack is part of larger trends in Iranian hacker activity globally identified by the MSTIC. According to Microsoft, At CyberWarCon 2021, “MSTIC analysts presented their analysis of these trends in Iranian nation-state actor activity during a session titled ‘The Iranian evolution: Observed changes in Iranian malicious network operations’.”
Advanced persistent threat (APT) actors like DEV-0270 usually engage in intelligence collection operations and financially-motivated attacks, according to a Microsoft threat intelligence report on the group. It may be part of a larger trend, also discussed by the MSTIC researchers, which is the use of a seemingly “benign” ransomware attack to hide intelligence collection. A ransomware attack would trigger the type of IT and cybersecurity investigation less concerned with finding intelligence collection activities and patterns in a system. Another scenario is that CMS was a company with no intelligence collection value for the hackers, but allowed for an opportunity to monetize the activity through a ransomware attack. The intent of the Iranian APT attack on the American media company remains unclear.
This attribution is also one of many Log4Shell vulnerability headlines of the last three weeks, as DEV-0270 (also known as Phosphorus) exploited Log4Shell in Log4j for initial access to the CMG systems. Additional recent fallout from Log4Shell vulnerability (since we last reported on the Five Eyes Issued Joint Log4Shell Advisory over the holiday) include:
— Will | Bushido (@BushidoToken) December 29, 2021
Black Swans and Gray Rhinos
Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis
Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking
The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking
Corporate Sensemaking: Establishing an Intelligent Enterprise
OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking
Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage
This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking
COVID-19 Sensemaking: What is next for business and governments
From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.
Space Sensemaking: What does your business need to know now
A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking
Quantum Computing Sensemaking
OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.
The OODAcast Video and Podcast Series
In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast