Chinese APT Hackers Used Log4Shell Exploit To Target Academic Institution

Uploaded on 2022-01-21 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW

Promotion

Chinese state-sponsored group Aquatic Panda recently attacked an important, unnamed educational institution by exploiting the major flaw in the Apache Log4Shell logging library. According to the local sources, the intrusion adversary, Aquatic Panda, conducted multiple post-exploitation operations. The attack ended up being unsuccessful.

The primary goal of the attackers is still unclear, and we don’t know what they were trying to achieve by infiltrating the system of this educational institution.

According to the institution's representatives, the group did manage to conduct reconnaissance and credential harvesting in their system. Aquatic Panda also attempted to stop third-party endpoint detection response services and wanted to retrieve next-stage payloads and harvest credentials.

Aquatic Panda is said to have become active in the mid-2020. The state-backed group’s general goals include intelligence collection through methods used in this particular attack. They also specialize in industrial espionage and typically target companies that deal with the government sector, telecommunications, and technology in general. Attacks that exploit such vulnerabilities have become more common, which should alert all institutions to up their security game and be on high alert for potential attacks similar to one orchestrated by the Aquatic Panda. 

According to the representatives from the educational institution that became the target of the Chinese state-backed attack group, the institution was able to react promptly. Soon after getting the information about the attack, the institution quickly implemented its incident response protocol and managed to detect and then patch up the vulnerability. 

But not all organizations or institutions manage to get away unscathed by similar attacks. While we know that the hackers couldn't compromise the institution’s system, we’ve seen other cases where attacks like these ended up taking down entire corporations. This is why it is so important to have strong preventative measures in place. It is much easier to invest a bit more in protection than to try and save the situation once the attackers have located the vulnerabilities in your systems. 

Here are some specific steps you can take to ensure your security online and avoid getting entangled with hacker groups like Aquatic Panda.

Use a VPN When Browsing Online

Virtual Private Networks (VPNs) reroute your network connection through a secure tunnel and connect it to a remote server that cannot be traced back to you. When we browse the web without being connected to the VPN, our IP address and other personal information are extremely easy for a stranger to access. Neglecting the privacy of our personal details is a very risky approach and could lead to serious threats to our privacy, finances, and even our well-being. Protect your identity online and use a VPN (https://nordvpn.com/download/) to browse the web safely and anonymously. 

Install Antivirus

Antivirus is a great online security investment to make - an effective preventative tool that alerts the user as soon as it detects any suspicious activity or malware in the system. These days there are plenty of options for those who want to purchase a good antivirus. They vary in price as well as what they can do for your online privacy. Simple research online will direct you towards the antivirus that is right for you. 

There are many benefits to doing things online and moving towards a more digitized society. Attacks like those orchestrated by Aquatic Panda are sadly a part of this development. Lucky for us, many tools can help us prevent similar attacks from getting out of hand.

It’s always wise to invest more in prevention than to start searching for a quick fix after the attack. The latter approach will probably cost you more in the end anyway. Use the tools mentioned here to protect yourself online.

Staying cautious will help keep your privacy without giving up all the conveniences of modern technology.

Contributed by Ulrike Niemann: Cyber security enthusiast, freelance copywriter, content marketing manager.

You Might Also Read: 

Log4j Cyber Security Flaw Seriously Concerns Experts:

 

« Europol Is Told To Delete Its 'Big Data Ark'
Is Cyber Training Fit For Purpose? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Energy Sec

Energy Sec

EnergySec is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

CASES.lu

CASES.lu

CASES.lu is a government-driven initiative offering awareness-raising, a web resource and other tools to assist SMEs concerning information security.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

riskmethods

riskmethods

riskmethods helps you proactively identify, assess and mitigate supply chain risk. You need to master supply chain risk management—we can help.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.