APT teams are continuing to target organizations that have not patched the Log4Shell vulnerability in VMware products, installing malware and web shells to maintain persistence, and in some cases gaining access to test networks and disaster recovery systems.

The initial disclosure of the Log4Shell vulnerability in the Apache Log4j tool came in December, and the number of affected vendors is quite large. Many vendors, including VMware, released updates within a few days of the disclosure, but because of the scale of the issue and the number of affected vendors, defenders had a huge amount of work on their hands to identify affected systems, prioritize them, and then roll out patches when they could. APT teams and opportunistic attackers began exploiting the bug, which is a remote code execution flaw, immediately after the public disclosure, and exploitation has continued in the months since then.

On Thursday, the Cybersecurity and Infrastructure Security Agency issued a new alert, warning network defenders that high-level attackers are still focusing on unpatched VMware systems, specifically VMware Horizon and Unified Access Gateway instances.

“Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and UAG servers. As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2).”