Threat actors are using a customised public exploit for the Log4Shell vulnerability to attack and take over Ubiquiti network appliances running the UniFi software, security firm Morphisec said in a report last week.
The attackers used a proof-of-concept exploit previously shared on GitHub. Developed the Sprocket Security, the PoC adapts the Log4Shell exploit in the Log4j Java library to work on Ubiquiti`s UniFi devices, complete with post-exploitation steps.
The attackers took over UniFi devices and ran malicious PowerShell code that later downloaded and installed a version of the Cobalt Strike Beacon backdoor.
There was no universal exploit code that worked everywhere out-of-the-box and granted attackers the ability to take over systems indiscriminately.
Reports of Log4Shell exploitation have been limited only to a handful of devices, such as VMWare Horizon, VMWare vCenter, ZyXEL routers, and SolarWinds Serv-U servers, as attackers relied on public exploits shared online.
As the Log4Shell vulnerability continues to plague the digital world, Acurus are dedicated to finding and fixing vulnerabilities in our customers networks. This includes researching the latest hacks, closing loopholes and possible target vectors, and keeping systems up to date with the security updates and patches.
Contact us today to ensure your organisation is protected from the latest cyber attacks.