Log4j: How hackers are using the flaw to deliver this new ‘modular’ backdoor

An Iran-backed hacking group, Phosphorus (also tracked as APT35), is exploiting the Log4j vulnerability to distribute a new PowerShell toolkit and set the stage for potential ransomware attacks. The group exploits Log4j on public-facing systems, then uses a PowerShell-based modular backdoor for persistence and command execution. Although the group's activity is easy to detect, Microsoft still regards the operation as “high-risk”, because organisations struggle to identify which of their applications and devices are affected by the flaw.