Iranian Hackers Installed Crypto Miner in Federal Agency After Exploiting Unpatched Log4Shell Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) said Iranian hackers breached a federal agency that had failed to patch the Log4Shell vulnerability, and deployed a crypto miner on its network. Log4Shell (CVE-2021-44228) is a critical remote code execution flaw in Apache's Log4j logging library, which is widely used by Java developers.

The breach, which occurred as early as February 2022, impacted an unnamed federal civilian executive branch (FCEB) organization. The Washington Post, however, identified the breached agency as the U.S. Merit Systems Protection Board, citing people familiar with the incident.

CISA discovered the intrusion in April while conducting a network-wide analysis with its EINSTEIN intrusion detection system. The agency observed "bi-directional traffic between the network and a known malicious IP address associated with exploitation of the Log4Shell vulnerability."
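The detection described above, a known-bad IP address talking in both directions with an internal host, is a simple join between flow records and an indicator list. The following is an added illustration, not CISA's or EINSTEIN's logic and not code from the article; the flow records, the indicator list and the network ranges (RFC 5737 documentation addresses stand in for real IoCs) are all constructed for the example.

```python
"""Flag internal hosts with bidirectional traffic to known-bad IP addresses.

Added example (hypothetical): the flow format, IoC list and internal ranges
below are constructed placeholders, not real indicators or real data.
"""
import ipaddress
from collections import defaultdict

# Constructed indicator list; 203.0.113.0/24 is a documentation range.
KNOWN_MALICIOUS = {ipaddress.ip_address("203.0.113.45")}

# Constructed "internal" address space for the monitored network.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Constructed flow records, one per line: "<timestamp> <src> <dst> <proto> <bytes>"
SAMPLE_FLOWS = """\
2022-04-01T10:00:01Z 10.1.2.3 203.0.113.45 tcp 1843
2022-04-01T10:00:02Z 203.0.113.45 10.1.2.3 tcp 9020
2022-04-01T10:00:05Z 10.1.2.9 203.0.113.45 tcp 512
2022-04-01T10:01:00Z 10.1.2.3 198.51.100.7 tcp 300
2022-04-01T10:01:30Z 203.0.113.45 10.1.2.3 tcp 44100
"""


def is_internal(ip):
    """True if the address falls inside one of the monitored internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse the constructed flow format into (ts, src, dst, proto, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, nbytes = line.split()
        flows.append((ts, ipaddress.ip_address(src),
                      ipaddress.ip_address(dst), proto, int(nbytes)))
    return flows


def find_bidirectional_ioc_contacts(flows, iocs=KNOWN_MALICIOUS):
    """Return internal hosts that both sent to and received from an IoC address.

    Result shape: {"<internal host>": {"ioc": "<bad ip>", "out": bytes, "in": bytes}}.
    Hosts with traffic in only one direction (e.g. a blocked outbound probe)
    are left out, because an established two-way exchange is the stronger
    signal of successful exploitation.
    """
    stats = defaultdict(lambda: {"out": 0, "in": 0})
    for _ts, src, dst, _proto, nbytes in flows:
        if dst in iocs and is_internal(src):
            stats[(src, dst)]["out"] += nbytes
        elif src in iocs and is_internal(dst):
            stats[(dst, src)]["in"] += nbytes
    return {
        str(host): {"ioc": str(ioc), **counts}
        for (host, ioc), counts in stats.items()
        if counts["out"] > 0 and counts["in"] > 0
    }


if __name__ == "__main__":
    for host, info in find_bidirectional_ioc_contacts(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host} <-> {info['ioc']}: {info['out']} B out, {info['in']} B in")
```

In the sample data, 10.1.2.3 is flagged because it exchanged traffic with the indicator address in both directions, while 10.1.2.9 is not, since it only sent one outbound flow. In a real environment the indicator set and the flow source would come from the organization's threat-intelligence feed and flow collector, and a host flagged this way is a candidate for host-level triage (for instance, checking for an unexpected CPU-hungry process such as a miner), not a confirmed compromise.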

Source: CPO Magazine