Tonight (Wednesday), Check Point announced that an Iranian group attempted a cyber attack against seven government and business targets in Israel in the last 24 hours by exploiting the Log4j vulnerability. The company detected and blocked attempts to establish communication between these targets and a server used by a well-known Iranian group, APT35, also known as Charming Kitten. Various sources have in the past attributed ties to the Iranian regime to this group.
The events in question occurred yesterday between four in the afternoon and two at night. The company also stated that no such communication was observed with targets in any country other than Israel. Check Point stressed that the findings were passed on to the relevant authorities in the country.
As mentioned, since Friday, Check Point has detected and blocked more than 1.8 million attempts to exploit the Log4j vulnerability worldwide. These attempts were directed at close to half (46%) of the corporate networks in the world and more than half (54%) of the corporate networks in Israel.
An attack was also reported yesterday in five countries (including Israel), in which a group of hackers engaged in cryptocurrency mining exploited the Log4j vulnerability.
The current disclosure, concerning an Iranian group, reinforces the basic premise that all attack groups in the world (whether driven by economic or political motives) will continue to exploit the vulnerability and attack those who are not protected from it. It should be noted that so far more than 60 different variants of the exploit have been identified, which makes it difficult to protect against.