Log4j attacks against VMware Horizon servers continue unabated


VMware Horizon servers, which many organizations use to provide remote workers with secure anywhere, anytime access to enterprise applications, continue to be a popular target for attackers looking to exploit the critical Apache Log4j remote code execution vulnerability disclosed in December 2021.

Sophos researchers said this week they have observed a wave of attacks targeting vulnerable Horizon servers from January 19, 2022 up until now. Many of the attacks involved attempts by threat actors to deploy cryptocurrency miners such as JavaX Miner, Jin, z0Miner, XMRig variants, and other similar tools. But in several other cases, Sophos observed attackers attempting to install backdoors to maintain persistent access to compromised systems.

The security vendor said its analysis suggests the attackers deploying backdoors are likely Initial Access Brokers (IABs) trying to provide other threat actors with access to compromised networks for a fee. ransomware…


