CyberNews Briefs

Iranian attackers are using Log4Shell to target organizations in Israel

Microsoft has released a statement warning that an Iran-based threat actor dubbed Mercury is exploiting the well-known Log4Shell flaws in an application created by IT vendor SysAid. The campaign is targeting organizations in Israel that are vulnerable to the exploit. Microsoft stated with high confidence that the campaign is associated with the Iranian Ministry of Intelligence and Security. The group is also referred to as MuddyWater.

The campaign marks a new approach for the threat actor, who has previously used Log4Shell remote code execution flaws in VMware apps to conduct its attacks. SysAid is an organization founded in Israel. The company released Log4j patches for its cloud products in January, shortly after the Apache Software Foundation disclosed the flaws. Microsoft stated that its 365 Defender Research Team detected the attacks a few weeks ago.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.