China-linked APT group Aquatic Panda leverages Log4Shell in recent attack


Log4Shell aquatic panda

China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE 2021-44228) in an attack aimed at a large academic institution.

According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j exploit published on GitHub on December 13.

Read more…