There have been over 840,000 attacks on companies since Friday (Dec. 10) due to a vulnerability in the open-source Log4j software, Ars Technica reported.
Check Point, a cybersecurity firm, said cyberattack reports had sped up since Friday when the vulnerability was noticed, according to the report. Log4j is a widely used software. The vulnerability lets hackers force computers to download unauthorized software. At some points, there were over 100 attacks a minute.
Mandiant Chief Technology Officer Charles Carmakal said in the report that the perpetrators included “Chinese government attackers.”
The hackers in many cases had been taking control of computers, using them to mine cryptocurrency, the report stated. They also used computers to become part of botnets, large networks of computers used to overwhelm websites with traffic or spam.
The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called the vulnerability “one of the most serious” she has seen in her career — if not the most serious, according to the report. She said there would likely be hundreds of millions of devices affected.
Almost half of the attacks had been done by known cyberattackers, the report stated. One of them was a group using Tsunami and Mirai malware, which turns devices into botnets.
Both CISA and the U.K.’s National Cyber Security Centre have issued warnings for companies to make upgrades relating to the Log4j vulnerability, according to the report.
CISA first warned of the vulnerability on Sunday (Dec. 12).
Read more: Department of Homeland Security Warns of Vulnerability in Commonly Used Software
Easterly said at the time that the only way to minimize the harm was “through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.”