Security News > 2022 > January > NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

The digital security team at the U.K. National Health Service has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks.

"The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory InterfaceTM via Log4Shell payloads to call back to malicious infrastructure," the non-departmental public body said in an alert.

"Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service."

VMware Horizon versions 7.x and 8.x are vulnerable to the Log4j vulnerabilities.

The development also marks the second time VMware products have come under exploitation stemming as a result of vulnerabilities in the Log4j library.

Last month, AdvIntel researchers disclosed that attackers were targeting systems running VMware VCenter servers with the aim of installing Conti ransomware.

News URL

https://thehackernews.com/2022/01/nhs-warns-of-hackers-targeting-log4j.html