The digital security team of the UK’s National Health Service (NHS) has warned of active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to deploy malicious web shells and establish persistence in affected networks for follow-up attacks.

“The attack likely consists of an intelligence phase in which the attacker uses the Java Naming and Directory Interface™ (JNDI) through Log4Shell payloads to recall malicious infrastructure,” a warning said. “Once a vulnerability is identified, the attack uses the Lightweight Directory Access Protocol (LDAP) to obtain and execute a malicious Java class file that a web shell injects into the VM Blast Secure Gateway service.”

Once deployed, the web shell can serve as a conduit for a variety of post-exploitation activities, such as deploying additional malicious software, exfiltrating data, or deploying ransomware. VMware …

