02 Mar 2022

Full Log4Shell Attack Chain-Enabled Conti Ransomware Gang Supports Russia; Ukrainian Gang Member Retaliates

In early February, a cybercrime crackdown by Russian authorities included the arrest of members of the REvil gang. Follow-up reports suggested a growing sentiment that the Russian authorities were out to maximize the appeasement value of the arrests to the U.S. We later suggested that the REvil Gang arrest was possibly a false flag operation. Our suggested scenario at the time: the Russians gave up the REvil Gang while still planning to lean on non-state actors for the plausible deniability of cyberwar operations. Our latter assumption has proven true. A few days ago, the Conti Gang announced their support for the Russian Government.

17 Jan 2022

Log4Shell Activity:  Non-State Actors (Global)

Following is an update of Log4Shell activities organized by nation-state, covering non-state actors and cybercriminal organizations suspected of being state-affiliated or located in the country.

11 Jan 2022

Log4Shell Incidents and Mitigation Activities To-date: Governmental Agencies (Global)

An up-to-the-minute summary of major Log4Shell incidents and mitigation activities, as reported by governmental agencies from around the world since the threat emerged in December 2021.

11 Jan 2022

Log4Shell Update from CISA Director Easterly and DHS CISA JCDC Company Updates

Many OODA Loop members have had their noses to the grindstone right through the holiday season attending to the potential impacts of the Log4j and Log4Shell vulnerabilities within their organizations. Following is a ‘big picture’ update of CISA press releases, global incidents, and impacts for your review when you come up for air and need to assess more of the strategic challenge ahead with the vulnerability.

04 Jan 2022

Log4j flaw attack levels remain high, Microsoft warns

Microsoft has warned Windows and Azure customers to remain on high alert after observing continued state-sponsored and cybercriminal probing of systems for the Log4Shell flaw throughout December. The flaw was disclosed by the Apache Software Foundation on December 9; however, the vulnerability will likely take years to remediate due

03 Jan 2022

Log4Shell Exploit Used in Cox Media Group Ransomware Attack Attributed to Iranian Hackers

In June of last year, Cox Media Group (CMG) IT systems and live streams were the targets of a ransomware attack. The Microsoft Threat Intelligence Center (MSTIC) has attributed the attack to an Iranian threat actor, codenamed DEV-0270, a group linked to multiple intrusions of US companies. The attack is part of larger trends in Iranian hacker activity globally identified by the MSTIC. This attribution is also one of many Log4Shell vulnerability headlines of the last three weeks, as DEV-0270 (also known as Phosphorus) exploited Log4Shell in Log4j for initial access to the CMG systems.

03 Jan 2022

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers at CrowdStrike recently released a report detailing an attempt by the advanced persistent threat group Aquatic Panda to steal industrial intelligence and military secrets. Aquatic Panda targeted an unnamed academic institution in the attack, which was successfully thwarted by CrowdStrike. The group is the latest to exploit the

30 Dec 2021

Alibaba Suffers Government Crackdown Over Log4j

Alibaba, a Chinese tech giant, has reportedly been criticized by China’s top tech regulator for failing to report the infamous Log4j vulnerability quickly enough. The firm’s Alibaba Cloud business did not report the flaw to the Ministry of Industry and Information Technology (MIIT) in a timely manner as required by

27 Dec 2021

Five Eyes Issue Joint Log4Shell Advisory: “Agencies Strongly Urge All Organizations Take Immediate Action to Protect their Networks”

The Five Eyes intelligence allies – government agencies in the United States, United Kingdom, Australia, Canada, and New Zealand – issued a joint Cybersecurity Advisory (CSA) days before the Christmas holiday, offering guidance on the Apache Log4j vulnerabilities worldwide. Nation-states and ransomware gangs are already exploiting these vulnerabilities, including Log4Shell (the critical remote code execution flaw in the Log4j software library).

21 Dec 2021

Conti Ransomware Gang Has Full Log4Shell Attack Chain

According to new reports, the sophisticated Russia-based Conti ransomware group has become the first group to weaponize Log4j2 with a full attack chain. Last week, the group became the first professional cybercrime group to adopt the Log4Shell vulnerability, and it has since built up a holistic attack chain, according to researchers.
