Lazarus hackers target VMware servers with Log4Shell exploits
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers.
According to a report published by analysts at AhnLab's ASEC, Lazarus has been targeting vulnerable VMware products via Log4Shell since April 2022.
The backdoor in question, NukeSped, is a malware family first associated with DPRK hackers in the summer of 2018 and later linked to a 2020 campaign orchestrated by Lazarus.
Lazarus uses NukeSped to install an additional console-based information-stealer, which collects data stored in web browsers.
In some attacks, Lazarus was observed deploying Jin Miner instead of NukeSped by leveraging Log4Shell.
Since Jin Miner is a cryptocurrency miner, Lazarus probably used it on less critical systems targeted for monetary gains instead of cyber-espionage.