Cybersecurity company CrowdStrike identified a China-based threat group exploiting a Log4j vulnerability to infiltrate an academic institution. CrowdStrike dubbed the group “Aquatic Panda” and believes its goal was to collect intelligence and conduct industrial espionage, although the attack was disrupted. The team at CrowdStrike discovered that Aquatic Panda used a public GitHub project from Dec. 13th, 2021 to gain access to the vulnerable instance of VMware Horizon. Threat actors of every skill level continue to exploit Log4j vulnerabilities, especially on servers that answer connections from the public Internet. Threat researchers have seen APT groups from North Korea, Iran, Turkey and China, as well as ransomware operators and cybercriminals, exploiting the vulnerability.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is