The Log4Shell vulnerability affecting the Apache Log4j logging utility came to light in December 2021. The flaw, identified as CVE-2021-44228, can be exploited for remote code execution and it has been leveraged by both profit-driven cybercriminals and state-sponsored cyberspies.
Log4Shell impacts the products of several major companies that use Log4j, but in many attacks the vulnerability has been exploited against affected VMware software.
Microsoft said the threat actor it tracks as Mercury has been known to exploit Log4j vulnerabilities, but it has done so against vulnerable VMware software, and this seems to be the first time they have targeted SysAid apps. The tech giant assesses with ‘moderate confidence’ that the hackers have exploited SysAid server instances.