In an update to its blog on the ongoing Log4j remediation efforts, Microsoft Threat Intelligence Center (MSTIC) says it has observed a variety of attackers — from nation states to criminal groups — using the exploit for mischief.
"Customers are encouraged to utilize scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets," the company wrote Monday.
Microsoft's observations are in line with those of other companies, which have noted ransomware, cryptominers and DDoS botnets leveraging the Log4j vulnerability, as well as a Chinese espionage group targeting a Log4j flaw in VMware that VMware had previously issued guidance on.
"Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks," Microsoft wrote.
Before New Year's Day, Sophos researcher Sean Gallagher noted a 40% dip in internet scanning for the Log4j bug, which he attributed to the annual general lull in attacks between the last week of December and Russian Orthodox Christmas (Jan. 7), when Russian hackers often take time off.