Advisory · severity: High · 2022-01-11

APT35 weaponizes Log4Shell against unpatched targets

published by Check Point Research
Actor
APT35 · IR · Iran · APT

Iranian state-sponsored actor associated with the IRGC. Conducts long-term espionage and credential-phishing operations against journalists, dissidents, U.S. and Israeli government targets, and acade…

Summary

Check Point Research observed APT35 actively exploiting Log4Shell (CVE-2021-44228) within a week of public disclosure, deploying a modular PowerShell toolkit ('CharmPower') against vulnerable VMware Horizon and similar Java-stack targets.

Tags

log4shell, cve-2021-44228, powershell

Primary source

research.checkpoint.com
