APT Groups Swarming on VMware Servers with Log4Shell

Organizations with public-facing VMware Horizon and Unified Access Gateway (UAG) servers without appropriate Log4Shell mitigations have been under a barrage of attacks from a range of attackers, including state-sponsored advanced persistent threat (APT) actors.

In fact, a new Cybersecurity and Infrastructure Security Agency (CISA) alert tells organizations running servers without Log4Shell updates to just assume they’ve been compromised and proceed with threat hunting and incident response. CISA added that in one instance, APT attackers were able to breach a disaster recovery network, move laterally, and steal sensitive data.

“If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA and report key findings to CISA,” the warning, issued along with the US Coast Guard Cyber Command (CGCYBER), said.

CISA also provides a list of indicators of compromise (IOCs) and extensive technical details for threat hunters.
