Conti & Log4Shell from AdvIntel

  |  Source: 

Conti & Log4Shell from AdvIntel

Industry: N/A | Level: Tactical | Source: AdvIntel

Continued vigilance on the threat landscape due to Log4Shell, has identified the Conti ransomware group showing signs of interest. A report from AdvIntel, detailed Conti had been deprived of new viable attack vectors since November, but had been searching for new methods. It wasn't until the fallout of Log4Shell the ransomware group finally found what they'd been looking for. Multiple Conti members have been identified initiating scanning activity for the exploit. A recent quote from AdvIntel confirmed, "the criminals pursued targeting specific vulnerable Log4J2 VMware vCenter for lateral movement directly from the compromised network resulting in vCenter access affecting US and European victim networks from the pre-existent Cobalt Strike sessions."

  • Anvilogic Scenarios:
  • Log4Shell Payload
  • Kinsing Behaviors
  • Unix File Download, Modified, Executed
  • Anvilogic Use Cases:
  • Potential CVE-2021-44228 – Log4Shell
  • File Download (Unix)
  • Modify File Attributes

Get trending threats published weekly by the Anvilogic team.

Sign Up Now