Stormsec

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high confidence that MERCURY’s observed activity was affiliated with Iran’s Ministry of Intelligence and Security (MOIS).




ADVERSARY: MERCURY


MALWARE FAMILY: MERCURY


ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1547 - Boot or Logon Autostart Execution, T1114 - Email Collection

