Ever since the Apache Log4j flaw (CVE-2021-44228) was disclosed, cybercriminals looked for opportunities to exploit it and bypass security protections. Security experts from Check Point recently revealed that an Iranian threat actor group, dubbed Charming Kitten, targeted multiple Israeli firms by exploiting the Log4Shell bugs. Check Point researchers claimed that they identified communications between a server used by the Charming Kitten group and their targets in Israel.
“The Iranian hacking group (commonly associated with the local regime), named Charming Kitten or APT 35, is behind an attempt to exploit the Log4j vulnerability against seven targets in Israel (from the government and business sector) in the last 24 hours. The scope of this attack was between 6 am -4 pm PST (1600-0200 TLV time). There’s no evidence for the group’s related activity on targets outside of Israel. Our reports of the last 48 hours prove that both criminal hacking groups and nation-state actors are engaged in the exploration of this vulnerability, and we should all assume more such actors’ operations are to be revealed in the coming days,” Check Point said.
Also Read: Log4j Explained: How It Is Exploited and How to Fix It
Conti ransomware operators also abused the Log4j flaw to access the internal VMware vCenter Server and encrypt vulnerable devices. The researchers stated that Conti ransomware became the first sophisticated ransomware group weaponizing Log4j vulnerability.
Earlier, a similar Iranian hacker group Siamesekitten targeted IT and telecom companies in Israel with supply-chain attacks. The group reportedly imitated HR personnel to lure unwitting users with fake job offers. Security researchers also uncovered a cyberespionage campaign linked to an Iranian hacker group Rampant Kitten targeting expats and dissidents in Iran for almost six years. The campaign targeted government dissidents, including resistance group Mujahedin-e Khalq, the Azerbaijan National Resistance Organization, Iranian minorities, and other anti-regime organizations to exfiltrate sensitive information from their Windows systems, Telegram apps, and SMSes.
