According to new reports, the sophisticated Russia-based Conti ransomware group has become the first group to weaponize Log4j2 with a full attack chain. Last week, the group became the first professional cybercrime group to adopt the Log4Shell vulnerability, and according to researchers it has since built up a holistic attack chain. Palo Alto Networks has referred to the group as one of the most ruthless ransomware groups known to be active, and stated that Conti was able to leverage the Log4Shell vulnerability quickly and develop the attack chain.
Advanced Intelligence released a report confirming that the Conti ransomware group got lucky in that it already possessed the right tools when the Log4Shell vulnerability was publicized roughly ten days ago. This week, the attack chain has incorporated tools such as Emotet and Cobalt Strike to compromise victims’ networks.
Read More: Conti Ransomware Gang Has Full Log4Shell Attack Chain
So What: This is absolutely playing out as expected. This is a serious weaponization of a vulnerability that will be in the infrastructure of the Internet for years.
What’s Next: Expect more criminal gangs to follow suit and build weaponized capabilities like this. Also expect the ecosystem of hackers that collaborate on attacks (via ransomware-as-a-service models) to leverage this vulnerability.
Your Action: Read the latest on the cyber threat and defensive strategies at the OODA Cyber Sensemaking page. Become an OODA Network member to discuss this topic with peers.