
Iranian hackers target VMware Horizon servers with Log4j exploits
2022-02-18 19:55

An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States.

Security analysts at SentinelLabs who have been tracking the activity chose that name because of the group's heavy reliance on tunneling tools, which help it hide its activities from detection solutions.

The targeted deployments are VMware Horizon servers vulnerable to the easy-to-exploit Log4j flaws.

[Figure: Execution of a reverse shell utilizing the VMware Horizon NodeJS component.]

While TunnelVision has some similarities and overlaps with other Iranian hacking groups, SentinelLabs attributes the activity to a separate and distinct cluster.

"TunnelVision activities have been discussed previously and are tracked by other vendors under a variety of names, such as Phosphorus and, confusingly, either Charming Kitten or Nemesis Kitten," explains the SentinelLabs report.


News URL

https://www.bleepingcomputer.com/news/security/iranian-hackers-target-vmware-horizon-servers-with-log4j-exploits/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
VMware 146 11 222 256 102 591