Seeking Victims of Log4j Vulnerability
The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are working jointly in response to the ongoing threat associated with the Log4j CVE.
If you believe that malicious cyber actors have exploited this vulnerability on your network, please submit a complaint to the Internet Crime Complaint Center (IC3). Your responses are voluntary but would be useful in identifying you as a potential victim. Based on the responses provided, you may be contacted by the FBI and/or CISA and asked to provide additional information.
When responding, please include the following information, as applicable:
- Contact information for your organization’s administrator
- Contact information for any third-party companies involved in incident response/remediation
- Start and end dates of the attack
- Attacking infrastructure used
- Hashes for dropped malware
- IP addresses/domains used to exploit infrastructure, receive beacons, and/or exfiltrate data
- Exploited applications/servers (also describe how applications/servers are used in the normal course of business)
- Explain what the actors did on the network (lateral movement, drop malware, drop/execute ransomware, crypto-miners, etc.)
- Describe any negative impacts to your organization, to include any losses incurred
- Indicate if there is evidence of the event (log files, disk images, computers, hard drives, transaction records, etc.)
- Indicate if you have knowledge of who might be behind the attack (APT actors, criminal actors, disgruntled employees or unknown actors) based on prominent employees, data that was stolen, recent publicity, or recent events surrounding your organization
- Indicate if you have already reported this to law enforcement (if yes, provide date reported, agency, and report number)
The FBI and CISA are legally mandated to identify specific victims of malicious cyber activity and provide these victims with information, assistance services, and resources.