MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations


Level 18
Thread author
Top Poster
May 4, 2019
While MERCURY has used Log4j 2 exploits in the past, such as on vulnerable VMware apps, we have not seen this actor using SysAid apps as a vector for initial access until now. After gaining access, MERCURY establishes persistence, dumps credentials, and moves laterally within the targeted organization using both custom and well-known hacking tools, as well as built-in operating system tools for its hands-on-keyboard attack.
This blog details Microsoft’s analysis of observed MERCURY activity and related tools used in targeted attacks. This information is shared with our customers and industry partners to improve detection of these attacks, such as implementing detections against MERCURY’s tools in both Microsoft Defender Antivirus and Microsoft Defender for Endpoint. As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information needed to secure their accounts.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.