It infects the system through four crypto miners and three various. An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States. Sophos cybersecurity analysts recently said that Log4Shell attacks are thriving on unsecured VMware Horizon servers. The security team of the UK National Health Service (NHS) said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMware Horizon servers and plant web shells for future attacks. The Cybersecurity and Infrastructure Security Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) said that hackers, including state-sponsored advanced persistent threat (APT) hackers, have continued to exploit CVE-2021-44228 in VMware Horizon and Unified Access Gateway (UAG) servers.

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday. Security firm SentinelOne has dubbed the group TunnelVision. Security analysts at SentinelLabs who have been tracking the activity chose that name due to the group's heavy reliance on tunneling tools, which help them hide their activities from detection solutions. The target deployments are VMware Horizon servers that are vulnerable to Log4j issues that are trivial to exploit.

[Figure: Execution of a reverse shell utilizing the VMware Horizon NodeJS component.]
While TunnelVision has some similarities and overlaps with other Iranian hacking groups, SentinelLabs attributes the activity to a separate and distinct cluster. It was independently reported to the vendor by Kai Zhao of ToTU Security Team and Steven Yu. The exploit procedure is identical to that described by the NHS in a January 2022 security bulletin, and it entails the direct execution of PowerShell commands and the activation of reverse shells via the Tomcat service.

This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0014. VMware vCenter Server is a solution to manage VMware vSphere. Log4j Vulnerability Exploited by Lazarus Hackers for Cyber Espionage. vulnerability affects VMware Horizon and Unified Access Gateway servers.

"TunnelVision activities have been discussed previously and are tracked by other vendors under a variety of names, such as Phosphorus and, confusingly, either Charming Kitten or Nemesis Kitten," explains the SentinelLabs report.

Hackers Still Exploiting Log4Shell Flaw in Unpatched VMware Servers, Feds Warn. CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG.