Scared of the dark? You won't be if you get one of our favorite flashlights The attack was discovered and parried by CrowdStrike’s Overwatch threat-hunting specialists. According to CrowdStrike, China-based hackers launched an attack on an unspecified academic institution using a Log4j vulnerability. The vulnerability lay in a VMware Horizon instance used by the institution in question.
'Attempts to compromise Horizon servers are among the more targeted exploits of Log4Shell vulnerabilities because of their nature,' the researchers wrote. Lazarus, also tracked as Hidden Cobra and APT38, is known for stealing hundreds of millions in cryptocurrency from crypto firms. 'VMware has pushed out patched versions of Horizon as of March 8 2022, but many organizations may still not have deployed the fixed versions or applied workarounds to vulnerable ones. The US Treasury sanctioned Lazarus in 2019 for crypto and banking system heists that it said helped raise revenues to fund North Korea's nuclear weapons and ballistic missile programs. Organizations should have patched this flaw months ago. VMware Horizon servers are under active exploit by Iranian state hackers 0 February 18, 2022: Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.
Vmware horizon hackers under exploit by Patch#
The Cybersecurity and Infrastructure Security Agency (CISA) in September warned organizations to patch VMware Horizon's Log4Shell flaws, some nine months after VMware released its Log4Shell patches for Horizon servers. Security firm SentinelOne has dubbed the group TunnelVision. Hackers at Iran's Ministry of Intelligence and Security (MOIS), which are tracked as MuddyWater, have also recently been using Log4Shell to compromise organizations in Israel but via unpatched server software from an Israeli vendor that includes Log4J, according to Microsoft.
0 kommentar(er)
