Chinese Hackers Exploit Discovery of Log4Shell Vulnerability

Last week the public was warned about a flaw in the Apache Log4j software that helps applications interact across computer networks. Already, Chinese hackers are exploiting the vulnerability, which, according to experts, could be the most serious threat in decades.

The Apache Log4j Remote Code Execution Vulnerability, dubbed Log4Shell, allows hackers to take control of servers running the software and repurpose them any way they choose. Hackers could steal data stored on servers, including medical or financial records and photos. They could also exploit the flaw to launch ransomware attacks.

The Apache Log4j software logs user activity and app behavior on computer networks. It is an application programming interface (API) that carries and retrieves data across the network. APIs are open-source, meaning they can be accessed by anyone. The Log4Shell flaw gives hackers a backdoor into the networks using the Log4j program.

If a user discovers his data is vulnerable, there isn’t much the user can do to secure it or find out if a hacker has been able to access it.

It is believed millions of companies are in danger from this Log4j vulnerability. Tech companies like Microsoft, Cisco, IBM, and Google, not to mention some US government agencies, have found some of their servers are vulnerable.

After the vulnerability was discovered, Apache issued guidelines to tackle the threat, urging customers who use Log4j to update the software to the version released after Apache became aware of the flaw.

The US cybersecurity firm Mandiant reported that sophisticated hacking groups are already exploiting the flaw to breach servers. Mandiant described these hackers as “Chinese government actors.”

SentinelOne, another cybersecurity firm, also confirmed that Chinese hackers are moving in to exploit the flaw.

Cybersecurity experts are calling the Log4Shell flaw one of the most severe cyber risks in history because Log4j is used in a wide range of devices that use Java software.

Popular online services including Netflix, Amazon, Uber, and LinkedIn, as well as cloud-based services like Apple iCloud, Android OS, Google Documents, and others, are all believed to be under threat from the flaw.

Tech companies like Amazon, Apple, and IBM have already moved to address the vulnerability in their products. However, hackers had at least a week’s head start before the flaw was made public.