A variant of the long-standing FritzFrog botnet has evolved to exploit the Log4Shell vulnerability, extending its reach beyond internet-facing applications to target all hosts within a victim's internal network.
Akamai researchers revealed this shift in a report on Thursday, outlining how the botnet, active since 2020, now employs more sophisticated methods beyond brute-force attacks on SSH protocols. Newer FritzFrog variants analyze system files on compromised hosts to identify potential targets within internal networks, marking a strategic shift.
Named "Frog4Shell," the campaign leverages the Log4Shell vulnerability discovered in the widely-used open-source Log4j web tool in 2021. While global patching efforts were successful initially, FritzFrog's latest approach focuses on vulnerable internal hosts often neglected during the patching process. Even if high-profile internet-facing applications are patched, the FritzFrog malware aims to exploit unpatched internal assets by targeting all hosts in the internal network.
Akamai reported witnessing over 20,000 FritzFrog attacks and more than 1,500 victims over the years. The malware's evolution includes new privilege escalation capabilities, cyberdefense evasion tools, and a potential for additional exploits in future versions, posing an ongoing cybersecurity threat.
0 comments:
Post a Comment