CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers
AhnLab Security Emergency response Center (ASEC) has recently discovered XMRig CoinMiner being installed on poorly managed Linux SSH servers. The attacks have been happening with a distinct pattern since 2022: they involve the usage of malware developed with Shell Script Compiler (SHC) when installing the XMRig, as well as the
8220 Gang Uses Log4Shell Vulnerability to Install CoinMiner
Ahnlab Security Emergency response Center (ASEC) has recently confirmed that the 8220 Gang attack group is using the Log4Shell vulnerability to install CoinMiner in VMware Horizon servers. Among the systems targeted for the attack, there were Korean energy-related companies with unpatched and vulnerable systems, hence being preyed upon by multiple
Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped)
In December last year, the vulnerability (CVE-2021-44228) of Java-based logging utility Log4j became a worldwide issue. It is a remote code execution vulnerability that can include the remote Java object address in the log message and send it to the server using Log4j to run the Java object in the
![[Announcement] New Log4j Vulnerability (CVE-2021-45105) – Log4j 2.17.0](https://asec.ahnlab.com/wp-content/uploads/2021/12/39_cyber-security_02.png)
[Announcement] New Log4j Vulnerability (CVE-2021-45105) – Log4j 2.17.0
CVE-2021-45105 vulnerability that operates in Log4j 2.16.0 version was additionally revealed on December 18th, 2021 (CVSS 7.5). 1. Vulnerable Versions Log4j 2.0-beta9 to 2.16.0 2. Vulnerability Exploitation Technique Vulnerability exploitations may occur if applications that use Log4j are enabled with the layout pattern and thread context features. The following shows
![[Notice] Log4j Core Affected by Apache Log4j Vulnerability CVE-2021-44228](https://asec.ahnlab.com/wp-content/uploads/2021/12/38_security-alert_01.png)
[Notice] Log4j Core Affected by Apache Log4j Vulnerability CVE-2021-44228
AhnLab recommends security updates for Apache Log4j vulnerability. Apache Log4j Vulnerability Information Vulnerability Vulnerability (CVE-2021-44228, CVSS 10.0) that the attacker can remote code execute via a log message in Log4j 2.x version [1] Vulnerability (CVE-2021-45046, CVSS 3.7) in Log4j 2.x version that allows the attacker to cause Denied of Service
