An unprecedented targeted invasion based on China is called Aquatic Panda It has been observed to use key flaws in the Apache Log4j log library as an access vector to perform various post-exploitation operations, including reconnaissance and credential collection of the target system.
CrowdStrike, a cybersecurity company, said the frustrated penetration targeted an unnamed “large academic institution.” It is believed that this state-sponsored organization has been active since mid-2020 to engage in intelligence gathering and industrial espionage, and its attacks mainly target companies in the telecommunications, technology, and government sectors.
Attempt to invade exploit the newly discovered Log4Shell flaw (CVE-2021-44228, CVSS score: 10.0) to access vulnerable instances horizon Desktop and application virtualization products then run a series of malicious commands to obtain the payload of threat actors hosted on remote servers.
“A modified version of the Log4j vulnerability may have been used in the operation of the threat actor,” the researcher famousAnd added that it involves the use of a vulnerability published on GitHub on December 13, 2021.
Aquatic Panda’s malicious behavior is not only to detect the infected host. It first tries to stop the third-party Endpoint Detection and Response (EDR) service, and then continues to retrieve the next-stage payload aimed at obtaining the reverse shell and obtaining credentials.
But after the victim organization received the incident alert, the entity “was able to quickly implement their incident response protocol, eventually patching vulnerable applications and preventing further threat actors activity on the host.” Given the successful interruption of the attack, it is definite The intention is still unknown.
