Microsoft has released a statement warning that an Iran-based threat actor dubbed Mercury is exploiting the well-known Log4Shell flaws in an application built by IT vendor SysAid. The campaign targets organizations in Israel that are still vulnerable to exploitation of the flaw. Microsoft stated with high confidence that the campaign is associated with the Iranian Ministry of Intelligence and Security. The group is also referred to as MuddyWater.
The campaign marks a new approach for the threat actor, which has previously exploited Log4Shell remote code execution flaws in VMware applications to conduct its attacks. SysAid is a company founded in Israel. It released Log4j patches for its cloud products in January, shortly after the Apache Software Foundation disclosed the flaws. Microsoft stated that its 365 Defender Research Team detected the attacks a few weeks ago.
Read More: Iranian attackers are using Log4Shell to target organizations in Israel