02 Mar 2022

Full Log4Shell Attack Chain-Enabled Conti Ransomware Gang Supports Russia; Ukrainian Gang Member Retaliates

In early February, a cybercrime crackdown by Russian authorities included the arrest of members of the REvil gang. Follow-up reports suggested a growing sentiment that the Russian authorities were chiefly interested in the appeasement value of the arrests to the U.S. We later suggested that the REvil arrests were possibly a false flag operation. Our suggested scenario at the time: the Russians gave up the REvil gang while still planning to lean on non-state actors for the plausible deniability of cyberwar operations. That assumption has since proven true. A few days ago, the Conti gang announced its support for the Russian government.

20 Jan 2022

CISA Insights Bulletin Urges U.S. Preparation for Data Wiping Attacks

In what felt like coordinated attacks last Friday, data-wiping malware (masquerading as ransomware) hit Ukrainian government organizations and was quickly followed by an aggressive, unattributed cyber attack on Ukrainian government sites. The attacks prompted the release of a CISA Insights Bulletin urging U.S. organizations to strengthen their cybersecurity defenses.

17 Jan 2022

Log4Shell Activity: Non-State Actors (Global)

Following is an update of Log4Shell activities organized by nation-state, covering the non-state actors and cybercriminal organizations suspected of being state-affiliated or located in each country.

11 Jan 2022

Log4Shell Incidents and Mitigation Activities To-date: Governmental Agencies (Global)

An up-to-the-minute summary of major Log4Shell incidents and mitigation activities, as reported by governmental agencies from around the world since the threat first emerged in December 2021.

11 Jan 2022

Log4Shell Update from CISA Director Easterly and DHS CISA JCDC Company Updates

Many OODA Loop members have had their noses to the grindstone right through the holiday season, attending to the potential impacts of the Log4j and Log4Shell vulnerabilities within their organizations. Following is a ‘big picture’ update of CISA press releases, global incidents, and impacts for your review when you come up for air and need to assess the broader strategic challenge the vulnerability presents.

11 Jan 2022

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating

Researchers have detected a critical vulnerability in the H2 open-source Java SQL database that bears similarities to the Log4j vulnerability. However, this flaw does not pose a widespread threat. Researchers stated that the flaw opens the door for an adversary to execute remote code on vulnerable systems. H2 is attractive

03 Jan 2022

Log4Shell Exploit Used in Cox Media Group Ransomware Attack Attributed to Iranian Hackers

In June of last year, Cox Media Group (CMG) IT systems and live streams were the targets of a ransomware attack. The Microsoft Threat Intelligence Center (MSTIC) has attributed the attack to an Iranian threat actor, codenamed DEV-0270, a group linked to multiple intrusions of US companies. The attack is part of larger trends in Iranian hacker activity globally identified by MSTIC. This attribution is also one of many Log4Shell headlines of the last three weeks, as DEV-0270 (also known as Phosphorus) exploited Log4Shell in Log4j for initial access to the CMG systems.

27 Dec 2021

Multiple Log4j scanners released by CISA, CrowdStrike

Last week, CISA released its own Log4j scanner alongside several others published by various cybersecurity companies and researchers. The open-source tool is derived from scanners created by other members of the community and is designed to help organizations determine if they have vulnerable web services affected by the critical

27 Dec 2021

Five Eyes Issue Joint Log4Shell Advisory: “Agencies Strongly Urge All Organizations Take Immediate Action to Protect their Networks”

The Five Eyes intelligence allies – government agencies in the United States, United Kingdom, Australia, Canada, and New Zealand – issued a joint Cybersecurity Advisory (CSA) days before the Christmas holiday, offering guidance on the Apache Log4j vulnerability worldwide. Nation-states and ransomware gangs are already starting to exploit the vulnerabilities, including Log4Shell (part of the Log4j software library).

14 Dec 2021

CISA Apache Log4j Vulnerability Guidance Webpage Up and Running with Mitigation Guidance from JCDC Partners

Relative to other cyber incidents in the last few months, Log4j is proving severely problematic. If you are in the middle of your impact and mitigation assessment, hands down the most important resource available is the webpage CISA launched yesterday to address the current Log4j activity. Per OODA CEO Matt Devost: “This is a great page and we should highlight that it exists for OODA Loop members. CISA has done a great job here.” The Log4j guidance is also the first US-CERT notification to put private sector collaboration front and center, through the newly formed DHS CISA Joint Cyber Defense Collaborative (JCDC).
