On December 9, 2021, the Internet was set on fire when an exploit was posted publicly for Apache Log4j, a well-known logging utility for the Java programming language. The Apache Log4j vulnerability CVE-2021-44228 is a critical zero-day code execution vulnerability with a CVSS base score of 10.

Night Sky Ransomware: The Night Sky ransomware gang has begun exploiting the major CVE-2021-44228 vulnerability in the Log4j logging library to gain access to VMware Horizon systems. Night Sky ransomware targets organization networks; it has encrypted the data of many victims and demanded $800,000 in ransom from one of them.

Ubiquiti Network Targeted: On February 04, 2022, it was found that Ubiquiti network appliances running the UniFi operating system were being attacked and taken over by threat actors using a customized public exploit for the Log4Shell vulnerability. Users are advised to check for firmware updates that address the Log4Shell vulnerability and apply the patches.

On February 18, 2022, researchers observed that the Iran-linked APT group TunnelVision was actively exploiting the Log4j vulnerability to deliver ransomware to unpatched VMware Horizon servers.

Fire Chili Malware: On April 01, 2022, the Chinese hacker group Deep Panda was found deploying a new rootkit named Fire Chili on VMware Horizon servers using the Log4Shell exploit. Researchers uncovered several overlaps between the Deep Panda campaign and Winnti, another notorious Chinese hacker group known for using digitally signed certificates.

APT MuddyWater Association: The Iranian APT group MuddyWater has joined the Log4j bandwagon, continuing the long-tail impact of the vulnerability that first made waves in December 2021.

APT Lazarus Association: On May 23, 2022, Lazarus, a group associated with North Korea, exploited Log4j's RCE vulnerability (CVE-2021-44228) to gain access to VMware Horizon servers. As part of the attack chain, a PowerShell command is executed from VMware Horizon's ws_tomcatservice.exe process in order to exploit the Log4j vulnerability; this PowerShell command installs the NukeSped backdoor on the vulnerable server.

The implications of Log4j are going to have a very long tail. Leaders need to keep verifying which of their systems are impacted and continuously check for updates to make sure they are completely patched. Continuous scanning has been the most effective method we have seen succeed.
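The Lazarus attack chain described above, PowerShell launched from VMware Horizon's ws_tomcatservice.exe process, gives defenders a concrete process-lineage check. The following is an added detection example written for this page, not code from the original post or from Securin: it runs over constructed process-creation events using Sysmon-style field names (Image, ParentImage, CommandLine), and the file paths, the set of flagged child processes and the sample command lines are all assumptions made for the example.

```python
"""Flag PowerShell spawned by the VMware Horizon ws_tomcatservice.exe
process, the attack-chain step described in the Lazarus entry above.
The events below are constructed samples, not real telemetry; field
names follow the Sysmon Event ID 1 convention, but any process-creation
source that records parent and child image paths can be fed in."""
import ntpath
from typing import Iterable

# Parent of interest, taken from the attack chain described on the page.
SUSPICIOUS_PARENT = "ws_tomcatservice.exe"
# Assumed child names worth flagging; the page names PowerShell specifically.
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe"}

# Constructed sample process-creation events (install paths are assumptions).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c <constructed payload>"},
    {"Image": r"C:\Program Files\Java\jre\bin\java.exe",
     "ParentImage": r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
     "CommandLine": "java -jar tomcat.jar"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe Get-Process"},
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so casing in the log does not matter."""
    return ntpath.basename(path).lower()


def is_suspicious(event: dict) -> bool:
    """True when a PowerShell child is spawned by ws_tomcatservice.exe."""
    return (_basename(event.get("ParentImage", "")) == SUSPICIOUS_PARENT
            and _basename(event.get("Image", "")) in SUSPICIOUS_CHILDREN)


def find_suspicious(events: Iterable[dict]) -> list:
    """Return the matching events, for alerting or for a retrospective hunt."""
    return [e for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("ALERT:", hit["ParentImage"], "->", hit["CommandLine"])
```

Of the three constructed events only the first matches: the Java child of the Tomcat service is normal Horizon behaviour, and PowerShell under explorer.exe is an interactive user session.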