CVE-2021-44228

Vulnerability updated 2 months ago (2024-08-14T09:36:36.482Z)
CVE-2021-44228, also known as Log4Shell, is a significant flaw in Apache's Log4j logging library. Disclosed in December 2021, it quickly became one of the most severe bugs of its time because of Log4j's widespread use and its potential for exploitation. Several Advanced Persistent Threat (APT) actors attempted to exploit it against systems such as ServiceDesk but were unsuccessful, while other groups, such as GOLD MELODY (UNC961), exploited it successfully to gain access to servers such as MobileIron Core. Log4Shell has been used by a range of threat groups, including APT40, which is known for rapidly exploiting newly public vulnerabilities in widely used software; beyond Log4j, that group has also targeted Atlassian Confluence and Microsoft Exchange. TellYouThePass, a ransomware group active since 2019, has likewise exploited this vulnerability alongside flaws in open-source web development languages. Although it has been public for several years, CVE-2021-44228 remains a commonly attempted exploit, particularly against educational institutions, where it accounts for 74% of exploit attempts; LockBit was responsible for 30% of the ransomware incidents targeting the education sector that used this exploit. The vulnerability remains of interest to both defenders and attackers, underscoring the need for continued vigilance and prompt patching of known vulnerabilities.
Description last updated: 2024-08-14T09:06:03.754Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias | Description | Votes
Log4Shell | Log4Shell is a possible alias for CVE-2021-44228. Log4Shell is a critical software vulnerability (CVE-2021-44228) in the Apache Log4j library that was identified and widely exploited in late 2021. The flaw lies within the software's design and implementation, allowing potential attackers to execute arbitrary code remotely on vulnerable systems. In | 11
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Log4j
Vulnerability
Exploit
Remote Code ...
Exploits
RCE (Remote ...
Apt
exploited
Ransomware
Confluence
Operation Bl...
Malware
Apache
Ofbiz
Associated Threat Actors
Alias | Description | Association Type | Votes
APT40 | The APT40 Threat Actor is associated with CVE-2021-44228. APT40, a Chinese cyber espionage group suspected to be affiliated with China's Ministry of State Security, has been actively conducting cyberespionage campaigns against government and private organizations in multiple countries. This threat actor typically targets nations strategically significant t | Unspecified | 2
APT41 | The APT41 Threat Actor is associated with CVE-2021-44228. APT41, also known as Winnti, Wicked Panda, and Brass Typhoon, is a significant threat actor attributed to China. This group has been active since at least 2012 and has targeted organizations in over 14 countries. It uses a wide range of malware, with at least 46 different code families and tools obs | Unspecified | 2
Associated Vulnerabilities
Alias | Description | Association Type | Votes
CVE-2021-34473 | The CVE-2021-34473 Vulnerability is associated with CVE-2021-44228. CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to | Unspecified | 3
CVE-2021-26084 | The CVE-2021-26084 Vulnerability is associated with CVE-2021-44228. CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta | Unspecified | 3
CVE-2021-34523 | The vulnerability CVE-2021-34523 is associated with CVE-2021-44228. | Unspecified | 2
CVE-2021-44207 | The CVE-2021-44207 Vulnerability is associated with CVE-2021-44228. CVE-2021-44207 is a significant software vulnerability that was exploited by APT41, a prolific Chinese state-sponsored espionage group known for targeting both public and private sector organizations. This flaw in the USAHerds web application's design or implementation mirrors a previously reported | Unspecified | 2
ProxyShell | The Proxyshell Vulnerability is associated with CVE-2021-44228. ProxyShell is a significant software vulnerability affecting Microsoft Exchange email servers. The flaw lies in the design or implementation of the software, making it a potential target for attackers seeking to exploit system weaknesses. Since early 2021, various vulnerabilities including ProxyShel | Unspecified | 2
CVE-2021-31207 | The CVE-2021-31207 Vulnerability is associated with CVE-2021-44228. CVE-2021-31207 is a significant software vulnerability that has been exploited by APT40, a group known for rapidly taking advantage of newly public vulnerabilities in widely used software. This particular vulnerability affects Atlassian Confluence and Microsoft Exchange, among other platforms, and a | Unspecified | 2
Source Document References
Information about the CVE-2021-44228 vulnerability was read from the documents in the corpus listed below. This display is limited to 20 results.
Source | Created
CERT-EU | 9 months ago
DARKReading | 2 months ago
CISA | 2 months ago
Securityaffairs | 3 months ago
CISA | 3 months ago
Securityaffairs | 3 months ago
DARKReading | 4 months ago
InfoSecurity-magazine | 5 months ago
DARKReading | 6 months ago
CERT-EU | 7 months ago
CERT-EU | 7 months ago
CERT-EU | 8 months ago
CERT-EU | 8 months ago
CERT-EU | 8 months ago
BankInfoSecurity | 8 months ago
Securityaffairs | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 9 months ago