Iranians Tried to Hack Seven Israeli Sites Using Critical Vulnerability, Israeli Security Firm Says

The Iranian group tried to attack seven Israeli government and commercial targets using a vulnerability in the Apache Log4j logging platform, said Check Point

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
A defensive cyber course trains in Israel
A defensive cyber course trains in IsraelCredit: Alon Ron
Sagi Cohen
Sagi Cohen

Iranian hackers tried to attack seven Israeli targets using a vulnerability in a web server software that was exposed last week, said an Israeli security firm on Wednesday evening.

The Iranian group tried to attack seven Israeli government and commercial targets using a vulnerability in the Apache Log4j logging platform, said Check Point Software Technologies.

The attacks began at 4 P.M. on Tuesday and lasted until early Wednesday morning. “No such communication was observed with targets in any country other than Israel. Of course, the findings were passed on to the relevant authorities in the country," said Check Point.

Check Point identified the source of the assault attempt as a well-known Iranian group of hackers dubbed APT35, also known as “Charming Kitten.” In the past, various sources have attributed the group of ties to the Iranian regime, said Check Point.

Since Friday, Check Point has tracked down and stopped more than 1.8 million attempts to exploit the Log4j vulnerability around the world. The company has identified the attacks in close to half, 46 percent, of the corporate networks in the world – and in more than half, 54 percent, of the corporate networks in Israel – although the number of actual attacks is probably higher.

Microsoft and cybersecurity firm Mandiant also identified attempts by hackers from China, North Korea, Turkey – and Iran – to exploit the Log4j vulnerability, the Wall Street Journal reported earlier.

'One of the most serious' security breaches

Log4j is a critical and widespread security breach discovered last weekend that makes many organizations, software and technology services around the world an easy target for hackers. Log4j is a very commonly used open source library of software for free use based on Java. It runs across many platforms – Windows, Linux, Apple’s macOS – powering everything from webcams to car navigation systems and medical devices, according to the security firm Bitdefender. Because a very large number of software developers around the world use Log4j, this security breach appears on countless servers, software and applications.

The situation is particularly serious because the vulnerability allows the attacker to run malicious code remotely and infiltrate organizations and also attack private users. Because the breach exists in so many places, it will take a long time and a lot of effort to fix it.

Top U.S. cybersecurity defense official Jen Easterly deemed the flaw “one of the most serious I’ve seen in my entire career, if not the most serious” in a call Monday with state and local officials and partners in the private sector. 

The Cybersecurity and Infrastructure Security Agency, or CISA, which Easterly runs, stood up a resource page Tuesday to deal with the flaw it says is present in hundreds of millions of devices. Other heavily computerized countries were taking it just as seriously, with Germany activating its national IT crisis center.

Since the discovery of the vulnerability, companies have been in a race to try and close the breach with the hackers trying to exploit it.

Senior researcher Sean Gallagher of the cybersecurity firm Sophos said we’re in the lull before the storm.

“We expect adversaries are likely grabbing as much access to whatever they can get right now with the view to monetize and/or capitalize on it later on.” That would include extracting usernames and passwords.

Click the alert icon to follow topics:

Comments