The Night Sky ransomware gang has started exploiting the CVE-2021-44228 critical vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.
The threat actor targets vulnerable machines exposed on the public web, launching the attacks from domains that impersonate legitimate companies, some of them in the technology and cybersecurity fields.
The attacks began in early January
Night Sky ransomware was discovered by security researcher MalwareHunterTeam in late December 2021 and focuses on locking corporate networks. It has encrypted several victims and demanded $800,000 in ransom from one of them.
On Monday, Microsoft issued an alert on a new campaign by a China-based actor, tracked as DEV-0401, that exploits the Log4Shell vulnerability on VMware Horizon systems exposed on the internet and deploys Night Sky ransomware.
VMware Horizon is used for desktop and app virtualization in the cloud, allowing users to have a dedicated…