Iran-backed hackers breached a US federal agency that failed to patch year-old bug

Iranian government-backed hackers exploited an unpatched Log4Shell vulnerability to compromise a US federal agency, according to the Cybersecurity and Infrastructure Security Agency (CISA). The intruders used the flaw in open-source software Log4j to gain deep access to the agency’s network, where they installed crypto mining software and a credential stealer. CISA has urged all organisations to patch systems against Log4Shell, and to hunt for signs of a breach.