More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.

Call it a “logjam” of threats: Attackers including nation-state actors have already targeted half of all corporate global networks in security companies’ telemetry using at least 70 distinct malware families — and the fallout from the Log4j vulnerability is just beginning.

Researchers manning keyboards all over the world have spent the past several days chasing attacks aimed at a now-infamous Log4j Java library bug, dubbed Log4Shell (CVE-2021-44228). Side note: Log4j is pronounced, “log forge” — although that’s disputed, because it’s also referred to in conversation as “log-four-jay.” Dealer’s choice there.

First discovered among Minecraft players last week, the newly discovered vulnerability has opened a massive opportunity for threat actors to hijack servers, mostly with coin miners and botnets, but also a cornucopia of other malware such as the StealthLoader trojan — and that’s just so far.

“We’ve seen a lot of chatter on Dark Web forums, including sharing scanners, bypasses and exploits,” Erick Galinkin, an artificial intelligence researcher at Rapid7, told Threatpost. “At this point, more than 70 distinct malware families have been identified by us and other security researchers.”

For instance, Bitdefender researchers this week discovered that threat actors are attempting to exploit Log4Shell to deliver a new ransomware called Khonsari to Windows machines.

Check Point research reported Wednesday that since last Friday, its team has detected 1.8 million Log4j exploit attempts on almost half of all corporate networks that they track.

These threat actors aren’t low-skilled hobbyists. Check Point added that as of Wednesday, Iranian hacking group Charming Kitten, also known as APT 35 and widely believed to be working as a nation-state actor, is actively targeting seven specific Israeli organizations across the government and business sectors.

“Our reports of the last 48 hours prove that both criminal-hacking groups and nation state actors are engaged in the exploration of this vulnerability, and we should all assume more such actors’ operations are to be revealed in the coming days,” Check Point added.

Microsoft meanwhile reported that nation-state groups Phosphorus (Iran) and Hafnium (China), as well as unnamed APTs from North Korea and Turkey are actively exploiting Log4Shell (CVE-2021-44228) in targeted attacks. Hafnium is known for targeting Exchange servers with the ProxyLogon zero-days back in March, while Phosphorus made headlines for targeting global summits and conferences in 2020.

“This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment and exploitation against targets to achieve the actor’s objectives,” the company said in a posting.

Read Extended Article.