Log4j UniFi (Ubiquiti) Attacks

As with many other applications, the UniFi application from Ubiquiti was vulnerable to the Log4j attacks. Morphisec has observed these attacks in the wild using a command-and-control (C2) system that appears to be related to TA505 (aka Graceful Spider), and the C2 is correlated with some previous SolarWinds attacks.

These attacks use a Cobalt Strike beacon with a reverse TCP PowerShell script.

Morphisec Report: https://blog.morphisec.com/log4j-exploit-targets-vulnerable-unifi-network-applications

Indicators of Compromise

CVE: CVE-2021-44228

