A hacking group identified with the Iranian regime is using a computer vulnerability called one of the worst ever seen to attack Israeli targets, a cybersecurity firm said Wednesday.

Governments and internet security experts have raised alarms over the flaw, known as Log4j, which lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics.

According to Tel Aviv-based Check Point, hacking group APT35, also known as Charming Kitten, attempted to use the exploit against seven Israeli targets from the business and government sectors on Tuesday and Wednesday.

“Check Point has blocked these attacks, as we witnessed communications between a server used by this group and the targets in Israel,” the firm said.

It did not detail what the targets were, but said no attempts by the group to go after entities in other countries were identified.

Microsoft and cybersecurity firm Mandiant also identified attempts by Iranian actors to use the flaw, along with Chinese, Turkish and North Korean hackers.

John Hultquist, a top analyst with Mandiant, wouldn’t name targets but said the Iranian actors are “particularly aggressive” and had taken part in ransomware attacks against Israel primarily for disruptive ends.

APT35, which is thought to be linked to Iran’s Islamic Revolutionary Guards Corps, is known mainly for carrying out phishing attacks on journalists, activists, NGOs and others, with many of its efforts focused on Israel.

Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)

The top US cybersecurity defense official, Jen Easterly, deemed the Log4j exploit “one of the most serious I’ve seen in my entire career, if not the most serious” in a call Monday with state and local officials and partners in the private sector.

Publicly disclosed last Thursday, it’s catnip for cybercriminals and digital spies because it allows easy, password-free entry.

Check Point said Tuesday it detected more than half a million attempts by known malicious actors to identify the flaw on corporate networks across the globe. It said the flaw was exploited to install cryptocurrency mining malware — which uses computing cycles to mine digital money surreptitiously — in five countries, but did not identify any locations outside Israel.

The affected software, written in the Java programming language, logs user activity. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is highly popular with commercial software developers. It runs across many platforms — Windows, Linux, Apple’s macOS — powering everything from webcams to car navigation systems and medical devices, according to the security firm Bitdefender.

A wide swath of critical industries, including electric power, water, food and beverage, manufacturing and transportation, were exposed, said Dragos, a top cybersecurity firm.

“I think we won’t see a single major software vendor in the world — at least on the industrial side — not have a problem with this,” said Sergio Caltagirone, the company’s vice president of threat intelligence.

The US Department of Homeland Security has ordered federal agencies to urgently find and patch bug …….

Source: https://www.timesofisrael.com/iranian-hackers-targeting-israel-using-ultra-exploitable-coding-flaw-experts/
