Attackers Target Log4j to Drop Ransomware, Web Shells, Backdoors

Threat actors, including nation-state adversaries, are exploiting the recently disclosed Log4j flaw to deploy ransomware, remote access Trojans, and Web shells on vulnerable systems including servers, virtual machines, PCs, and IP cameras. This represents an escalation in attack activity. Despite the releases of patch updates, organisations continue to download versions of the logging tool containing the vulnerability, presenting a critical security threat.