Security News > 2022 > May > Lazarus hackers target VMware servers with Log4Shell exploits
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers.
According to a report published by analysts at Ahnlab's ASEC, Lazarus has been targeting vulnerable VMware products via Log4Shell since April 2022.
NukeSped is a backdoor malware first associated with DPRK hackers in the summer of 2018 and then linked to a 2020 campaign orchestrated by Lazarus.
Lazarus uses NukeSped to install an additional console-based information-stealer malware, which collects information stored on web browsers.
In some attacks, Lazarus was observed deploying Jin Miner instead of NukeSped by leveraging Log4Shell.
Since Jin Miner is a cryptocurrency miner, Lazarus probably used it on less critical systems targeted for monetary gains instead of cyber-espionage.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (source)