Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor
The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped implant against targets located in its southern counterpart.
NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain.
Last year, Kaspersky disclosed a spear-phishing campaign aimed at stealing critical data from defense companies using a NukeSped variant called ThreatNeedle.
Some of the key functions of the backdoor range from capturing keystrokes and taking screenshots to accessing the device's webcam and dropping additional payloads such as information stealers.
"The attacker collected additional information by using backdoor malware NukeSped to send command line commands," the researchers said.
"The collected information can be used later in lateral movement attacks."
News URL
https://thehackernews.com/2022/05/hackers-exploiting-vmware-horizon-to.html