Iranian advanced persistent threat group Cobalt Mirage, also known as UNC2448 or Nemesis Kitten, has exploited the Log4j vulnerability to compromise numerous U.S. local government networks with the Drokbk malware since February, according to The Record, a news site by cybersecurity firm Recorded Future.