Security News > 2022 > February > Iranian hackers target VMware Horizon servers with Log4j exploits
An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States.
Security analysts at SentinelLabs who have been tracking the activity chose that name due to the group's heavy reliance on tunneling tools, which help them hide their activities from detection solutions.
The targeted deployments are VMware Horizon servers vulnerable to the easy-to-exploit Log4j flaws.
Execution of a reverse shell utilizing VMware Horizon NodeJS component.
While TunnelVision has some similarities and overlaps with other Iranian hacking groups, SentinelLabs attributes the activity to a separate and distinct cluster.
"TunnelVision activities have been discussed previously and are tracked by other vendors under a variety of names, such as Phosphorus and, confusingly, either Charming Kitten or Nemesis Kitten," explains the SentinelLabs report.