Iranian Hackers Still Exploiting Log4j Bugs Against Israel

Updated: Dec 7, 2022

According to BleepingComputer, "Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software.

The vulnerability in Log4j (“Log4Shell”) was discovered and patched in December 2021 but still plagues a wide range of applications that utilize the open-source library. One of those applications is SysAid, a help desk software that released security updates for the bugs in January.

MuddyWater, aka ‘MERCURY,’ is an espionage group believed to be operated directly by Iran’s Ministry of Intelligence and Security (MOIS), recently seen targeting telcos across the Middle East and Asia.

The operations of the particular hacking group align with Iran’s national interests, so they constantly implicate Israeli entities that are considered enemies of the state."


Security Joes was mentioned in the article:


"While Microsoft’s report doesn’t go into the details of the particular tool, we know from a March 2022 report by Security Joes that the hackers added useful features like execution checks and command-line parameters.


Security Joes had loosely attributed the appearance of the customized Ligolo to MuddyWater, and Microsoft’s recent report further confirms this attribution.

The report lists more details on MuddyWater detection opportunities and hunting queries in its last section, so make sure to check it if you’re within the group’s targeting scope."


We've added more details from the SysAid attacks on Twitter: https://twitter.com/SecurityJoes/status/1570326004287029248?s=20&t=47wbjqC0O5E0nMHdVPLwgw


