Microsoft said that groups connected to the governments of China, Iran, North Korea and Turkey have begun to exploit vulnerabilities in the Apache Software Foundation's widely used open source Log4j software library.
Attackers can use the software flaws to take control of affected computers and systems. Microsoft said in its latest post on the issue on Tuesday that the company has detected early activity by government-affiliated groups, ranging from experimentation to active exploitation of these vulnerabilities.
Others exploit the vulnerability to gain initial access for ransomware attacks.
“These access agents then sell access to these networks to ransomware-as-a-service affiliates,” Microsoft said. “We have observed that these organizations are trying to attack Linux and Windows systems, which may increase the impact of human extortion software on these two operating system platforms.”
Microsoft’s security team “has been analyzing our products and services to understand where Apache log4j may be used, and is taking rapid measures to mitigate any situation,” the company said in another post.
Apache has released two security updates to address the flaws found in Log4j. The software library is widely used to track security and performance information in programs written in the cross-platform Java programming language, which is commonly used for consumer and enterprise applications, services, and websites.
These security updates are intended for software vendors to apply to their applications. End users should watch for software updates from those vendors once the vendors have applied the fixes.
The U.S. Cybersecurity and Infrastructure Security Agency said that software suppliers using Log4j in their products should apply patches as soon as possible and tell users to prioritize software updates, because of “the severity of vulnerabilities and the increased possibility of complex network threat actors using log4j.”