While Minecraft is not usually connected to the enterprise, malicious actors are dropping PowerShell-based reverse shells into compromised Minecraft systems, giving an attacker full access. Attackers are then running Mimikatz, an open source credential dumping tool, to steal credentials, a technique often used to attack enterprise systems.
While no follow-on activity was detected, Microsoft said attackers may be gathering access to use in future attacks.  
Mandiant has observed nation-state activity from China and Iran, and additional state actors will likely attempt to exploit the vulnerability. 
Microsoft earlier this week warned of nation-state activity using Log4j from China, Iran, North Korea and Turkey. An Iranian actor called Phosphorus has been observed deploying ransomware and obtaining and modifying Log4j, the company said. Meanwhile Hafnium, the China-based threat actor linked to the Microsoft Exchange attacks earlier this year, has been seen using Log4j to launch attacks against virtualization infrastructure, according to the Microsoft blog post.
The Biden administration in July accused China of backing malicious cyberattacks against U.S. targets, including using contract hackers to launch ransomware, but did not announce any specific sanctions. The National Security Agency, the FBI and CISA also issued warnings about Chinese state actors looking to exploit vulnerabilities in Apache, Pulse Secure, Microsoft and F5 BIG-IP products.
Multiple groups of access brokers are also using Log4j to gain initial access to targeted networks, trying to sell access to groups affiliated with ransomware as a service, Microsoft said. The access brokers are attempting to exploit Windows and Linux systems. 
Companies need to take proactive steps to mitigate the potential impact of Log4j, according to Gartner. Remote employees need to update their personal devices and routers, as they are seen as particularly vulnerable targets.
CISOs need to invoke severe incident response measures, including briefings for top officials inside the organization, such as the CIO, CEO and board of directors.
“Gartner’s advice is that in the event of a choice between availability and downtime to safeguard customer funds and critical data, then downtime may be the reluctantly preferred choice,” Jonathan Care, senior research director at Gartner, said via email.
IT supply chains, remote working environments and enterprise IT architectures are all “significant points of weakness requiring a Herculean task of examination and remediation,” Care said. 