A dangerous Iranian state-sponsored hacker group has exploited a new cybersecurity flaw, reportedly targeting Israeli entities and potentially others.
The hackers have tried to exploit a flaw in the commonly used Java-based logging tool Apache Log4j. The flaw has been fixed, but hackers might have already established a foothold in some networks.
The Israeli cybersecurity firm Check Point has said the Iranian group that tried to attack Israeli entities is the familiar Charming Kitten, or APT35. “Check Point has blocked these attacks, as we witnessed communications between a server used by this group and the targets in Israel,” the firm announced.
The US Federal Bureau of Investigation (FBI) also issued a guideline for companies to report suspected malicious activities on their networks related to the latest threat, dubbed the Log4j vulnerability.
A cybersecurity expert, John Hultquist, said that Iranian state hackers are particularly aggressive in exploiting the latest flaw and want to use it in ransomware operations, not so much for financial gain but to cause widespread disruption.
Iran’s intelligence organs, particularly the Revolutionary Guard, operate one of the world’s most dangerous state cyber-threat operations, and APT35 is thought to be linked to this network.