The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), released a joint alert on Thursday about ongoing attempts by threat actors to exploit the Log4Shell flaw in VMware Horizon servers in order to compromise networks.
“Since December 2021, multiple groups of threat actors have deployed Log4Shell on unpatched, publicly-facing VMware Horizon and [Unified Access Gateway] Servers,” authorities said. “As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executable files enabling remote command-and-control (C2).”
In one instance, the attacker was said to have been able to move laterally within the victim’s network, gain access to a disaster recovery network, and gather and exfiltrate sensitive law enforcement data.
Log4Shell, tracked as CVE-2021-44228 (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache Log4j logging library…