Security News > 2022 > June > CISA: Log4Shell exploits still being used to hack VMware servers
CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability.
Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.
Today, in a joint advisory with the US Coast Guard Cyber Command, the cybersecurity agency said that servers have been compromised using Log4Shell exploits to gain initial access into targeted organizations' networks.
Today's advisory comes after VMware has also urged customers in January to secure Internet-exposed VMware Horizon servers against ongoing Log4Shell attacks.
Since the start of the year, VMware Horizon servers have been targeted by Chinese-speaking threat actors to deploy Night Sky ransomware, the Lazarus North Korean APT to deploy information stealers, and the TunnelVision Iranian-aligned hacking group to deploy backdoors.
Until you can install patched builds by updating all affected VMware Horizon and UAG servers to the latest versions, you can reduce the attack surface "By hosting essential services on a segregated demilitarized zone," deploying web application firewalls, and "Ensuring strict network perimeter access controls."
News URL
Related news
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- CISA investigates critical infrastructure breach after Sisense hack (source)
- CISA says Sisense hack impacts critical infrastructure orgs (source)
- CISA orders agencies impacted by Microsoft hack to mitigate risks (source)