The US Cybersecurity and Infrastructure Security Agency (CISA) is investigating attacks that exploit the Log4Shell vulnerability in third-party products such as VMware Horizon and Unified Access Gateway (UAG). The agency released Indicators of Compromise (IOCs) collected from incidents it investigated as recently as June, highlighting the long-lasting impact of this vulnerability, which is more than six months old.
“From May to June 2022, CISA provided remote support for incidents at an organization where CISA observed suspected Log4Shell PowerShell downloads,” the agency said in a report this week. “During remote support, CISA confirmed that the company was compromised by malicious cyber actors exploiting Log4Shell on a VMware Horizon server that had no patches or workarounds applied.”
Log4Shell’s long tail
The Log4Shell vulnerability, tracked as CVE-2021-44228, is a critical remote code execution bug in a widely used Java logging library called …