Threat actors are still exploiting the Log4Shell vulnerability
July 7th, 2022 - Written By CyberLabs
The Cybersecurity & Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) on June 23rd, 2022, warning that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, continue to exploit the Log4Shell vulnerability, tracked as CVE-2021-44228, in VMware Horizon and Unified Access Gateway (UAG) servers. Unpatched VMware Horizon and UAG servers are used to obtain initial access to organizations.
“Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and UAG servers. As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data,” the two agencies stated in the advisory. The advisory includes details collected during incident response activities at two related confirmed compromises, including indicators of compromise and the threat actors’ tactics and techniques.
CISA and CGCYBER encourage all organizations to update all VMware Horizon and UAG systems to the latest versions. If updating is not possible, VMware has released a workaround that should be followed. For more details, read the joint advisory.