The maritime industry is observing coin-miners, remote access trojans (RAT), and Cobalt Strike payloads being actively deployed against vulnerable servers.
The Apache Log4j project disclosed CVE-2021-44228, which is a critical (CVSS 10.0) remote code execution (RCE) vulnerability affecting Apache Log4j2<= 2.14.1.
The vulnerability allows for unauthenticated remote code execution. Log4j 2 is an open-source Java logging library developed by the Apache Foundation.
Log4j 2 is widely used in many applications and is present, as a dependency, in many services. These include enterprise applications as well as numerous cloud services.
Nordic IT does not use log4j with any components related to reMARK, MARK5, or any other current or past products.
Though Nordic IT products are not affected by this vulnerability, we urge all organizations using Apache Log4j to patch immediately.
Due to the ease of exploitation and the potential of applicability, we suspect attackers to begin taking advantage of this vulnerability immediately.
If abnormalities are found, we encourage you to assume this is an active incident, that you have been compromised, and respond accordingly. Contact us to learn more.