Menu
On Friday 10th of December 2021, Mojang Studios, the Swedish video game developer behind Minecraft has released an emergency security update to address the bug CVE-2021-44228 in the Apache Log4j Java logging library which is used by Minecraft’s Java Edition client and multiplayer servers. Microsoft has warned all admins to immediately install the latest Minecraft server updates to defend them against any attacks that use the log4j exploits and asks players to only connect to trusted Minecraft servers.
“In these cases, an adversary sends a malicious in-game message to a vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute an attacker-hosted payload on both the server and on connected vulnerable clients.”- Microsoft.
Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC) has observed PowerShell-based reverse shells being deployed where Log4j exploits targeting Minecraft servers were used as the entry points. And it has also been observed that the Khonsari ransomware also uses the log4j bug to by being executed in the context of javaw.exe to ransom devices.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
