Allies Warn of Iranian Ransom Attacks Using Log4Shell
Cybersecurity agencies in the US, UK, Australia, and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. The alert, published earlier this week, states that the Islamic Revolutionary Guard Corps (IRGC) was responsible for multiple attacks that leveraged the VMware Horizon Log4j vulnerabilities on unprotected networks. According to the agencies, the IRGC used the flaws to carry out disk encryption and data extortion.
The attacks include one that occurred in February and targeted a US municipal government and an aerospace company. During these attacks, the threat actors leveraged the original Log4Shell flaw and related vulnerabilities. The agencies reported that the threat actors may sell the exfiltrated data in extortion operations, or reuse it in double-extortion ransomware operations, in which the threat actor combines encryption and data theft to pressure the targeted entities.