{"id":44448,"date":"2021-12-15T15:20:02","date_gmt":"2021-12-15T15:20:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32917\/MS-Warns-State-Based-Hackers-Are-Using-Log4j-Flaw.html"},"modified":"2021-12-15T15:20:02","modified_gmt":"2021-12-15T15:20:02","slug":"ms-warns-state-based-hackers-are-using-log4j-flaw","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/","title":{"rendered":"MS Warns State Based Hackers Are Using Log4j Flaw"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft. &nbsp;&nbsp; <\/p>\n<p>As <a href=\"https:\/\/www.zdnet.com\/article\/log4j-flaw-puts-hundreds-of-millions-of-devices-at-risk-says-us-cybersecurity-agency\/\">predicted by officials at the US Cybersecurity and Infrastructure Security Agency (CISA)<\/a>, more sophisticated attackers have now started exploiting the so-called Log4Shell bug (CVE-2021-44228), which affects devices and applications running vulnerable versions of the Log4j Java library. It&#8217;s a potent flaw that allows remote attackers to take over a device after compromise. 
<\/p>\n<p>CISA officials on Tuesday warned that <a href=\"https:\/\/www.zdnet.com\/article\/log4j-flaw-puts-hundreds-of-millions-of-devices-at-risk-says-us-cybersecurity-agency\/\">hundreds of millions of enterprise and consumer devices are at risk<\/a> until the bug is patched.&nbsp; <\/p>\n<p>The bulk of attacks that Microsoft has observed so far have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers.&nbsp; <\/p>\n<p>&#8220;The vast majority of observed activity has been scanning, but exploitation and post-exploitation activities have also been observed. Based on the nature of the vulnerability, once the attacker has full access and control of an application, they can perform a myriad of objectives. Microsoft has observed activities including installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems,&#8221; Microsoft said. <\/p>\n<p>Its ease of exploitation and wide distribution in products make it an attractive target for sophisticated criminal and state-sponsored attackers.&nbsp; <\/p>\n<p>It is this latter group that has now started exploiting the flaw.&nbsp; <\/p>\n<p>&#8220;This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment, and exploitation against targets to achieve the actor&#8217;s objectives,&#8221; Microsoft said. <\/p>\n<p>Microsoft has turned the spotlight on the Iranian hacking group it tracks as Phosphorus, which recently <a href=\"https:\/\/www.zdnet.com\/article\/now-irans-state-backed-hackers-are-turning-to-ransomware\/\">ramped up their use of file-encryption tools to deploy ransomware on targets<\/a>. 
The group has acquired and modified the Log4j exploit for use, according to the Microsoft Threat Intelligence Center (MSTIC). <\/p>\n<p>&#8220;We assess that Phosphorus has operationalized these modifications,&#8221; <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/12\/11\/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">the MSTIC notes<\/a>.&nbsp; <\/p>\n<p>Hafnium, a Beijing-backed hacking <a href=\"https:\/\/www.zdnet.com\/article\/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks\/\">group behind this year&#8217;s Exchange Server flaws<\/a>, has also been using Log4Shell to &#8220;target virtualization infrastructure to extend their typical targeting.&#8221; <\/p>\n<p>Microsoft saw the systems used by Hafnium employing a Domain Name Server (DNS) service to fingerprint systems.&nbsp; <\/p>\n<p>The Log4Shell bug&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited\/\">was disclosed by the Apache Software Foundation on December 9<\/a>. CERT New Zealand reported the bug was actively being exploited. Apache released a patch last week. However, vendors including Cisco, IBM, Oracle, VMware and others still need to integrate the patch into their own affected products before customers can deploy them.&nbsp; &nbsp; <\/p>\n<p>MSTIC and the Microsoft 365 Defender team also confirmed that &#8220;access brokers&#8221; \u2013 gangs who sell or rent access to compromised machines \u2013 have been using the Log4j flaw to gain a foothold in target networks on both Linux and Windows systems. 
This sort of access is frequently sold on to ransomware gangs looking for victims; security firm BitDefender <a href=\"https:\/\/businessinsights.bitdefender.com\/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">reported<\/a> that a new ransomware strain called Khonsari is already attempting to exploit the Log4j bug.&nbsp; <\/p>\n<p>CISA yesterday <a href=\"https:\/\/github.com\/cisagov\/log4j-affected-db\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">published its list on GitHub<\/a> of products affected by the Log4Shell flaw, following a similar <a href=\"https:\/\/www.zdnet.com\/article\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/\">list by the Netherlands cybersecurity agency<\/a> (NCSC) published earlier this week. CISA lists the vendor, product, versions, status of vulnerability, and whether an update is available. <\/p>\n<p>The US list will be a handy tool for organizations as they patch affected devices, in particular US federal agencies that were <a href=\"https:\/\/therecord.media\/cisa-tells-federal-agencies-to-patch-log4shell-before-christmas\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">ordered by CISA, a unit of the Department of Homeland Security, yesterday<\/a> to test which internal applications and servers are vulnerable to the bug by December 24.&nbsp; <\/p>\n<p>Cisco customers will be busy over the next few weeks as the company rolls out patches. Cisco&#8217;s list of affected products alone, for example, highlights the work ahead for agency teams that must enumerate affected systems ahead of the Christmas break. 
CISA&#8217;s list also includes an extensive array of affected VMware virtualization software tools, most of which don&#8217;t have a patch available yet. &nbsp; <\/p>\n<p>Dozens of Cisco software and network products are affected. Cisco released a patch for Webex Meetings Server<a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-apache-log4j-qRuKNEbd\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">&nbsp;yesterday<\/a>. The Cisco CX Cloud Agent Software also got a patch.&nbsp; <\/p>\n<p>Other affected Cisco products without a patch include Cisco&#8217;s AMP Virtual Private Cloud Appliance, its Advanced Web Security Reporting Application, Firepower Threat Defense (FTD), and Cisco Identity Services Engine (ISE). Several network infrastructure management and provision products are also vulnerable, with patches scheduled for December 21 and onwards.&nbsp; <\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32917\/MS-Warns-State-Based-Hackers-Are-Using-Log4j-Flaw.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9781],"class_list":["post-44448","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentmicrosoftflawcyberwarjavaapache"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>MS Warns State Based Hackers Are Using Log4j Flaw 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MS Warns State Based Hackers Are Using Log4j Flaw 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-15T15:20:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"MS Warns State Based Hackers Are Using Log4j Flaw\",\"datePublished\":\"2021-12-15T15:20:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/\"},\"wordCount\":783,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3965a5c519ab39c06baf67724d35f4e52a5263f\\\/2021\\\/12\\\/15\\\/b6821fa2-f1a5-4e6d-a839-63172b59646d\\\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"keywords\":[\"headline,hacker,government,microsoft,flaw,cyberwar,java,apache\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/\",\"name\":\"MS Warns State Based Hackers Are Using Log4j Flaw 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3965a5c519ab39c06baf67724d35f4e52a5263f\\\/2021\\\/12\\\/15\\\/b6821fa2-f1a5-4e6d-a839-63172b59646d\\\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2021-12-15T15:20:02+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3965a5c519ab39c06baf67724d35f4e52a5263f\\\/2021\\\/12\\\/15\\\/b6821fa2-f1a5-4e6d-a839-63172b59646d\\\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3965a5c519ab39c06baf67724d35f4e52a5263f\\\/2021\\\/12\\\/15\\\/b6821fa2-f1a5-4e6d-a839-63172b59646d\\\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ms-warns-state-based-hackers-are-using-log4j-flaw\\\/#brea
dcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,microsoft,flaw,cyberwar,java,apache\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentmicrosoftflawcyberwarjavaapache\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"MS Warns State Based Hackers Are Using Log4j Flaw\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"MS Warns State Based Hackers Are Using Log4j Flaw 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/","og_locale":"en_US","og_type":"article","og_title":"MS Warns State Based Hackers Are Using Log4j Flaw 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-12-15T15:20:02+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"MS Warns State Based Hackers Are Using Log4j Flaw","datePublished":"2021-12-15T15:20:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/"},"wordCount":783,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","keywords":["headline,hacker,government,microsoft,flaw,cyberwar,java,apache"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/","url":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/","name":"MS Warns State Based Hackers Are Using Log4j Flaw 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2021-12-15T15:20:02+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ms-warns-state-based-hackers-are-using-log4j-flaw\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,microsoft,flaw,cyberwar
,java,apache","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentmicrosoftflawcyberwarjavaapache\/"},{"@type":"ListItem","position":3,"name":"MS Warns State Based Hackers Are Using Log4j Flaw"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44448"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44448\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}