VMware Horizon hackers under exploit

6/13/2023

An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States. Researchers said on Thursday that hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware customers with ransomware.

Security firm SentinelOne has dubbed the group TunnelVision. Security analysts at SentinelLabs who have been tracking the activity chose that name due to the group's heavy reliance on tunneling tools, which help them hide their activities from detection solutions.

"TunnelVision activities have been discussed previously and are tracked by other vendors under a variety of names, such as Phosphorus and, confusingly, either Charming Kitten or Nemesis Kitten," explains the SentinelLabs report. While TunnelVision has some similarities and overlaps with other Iranian hacking groups, SentinelLabs attributes the activity to a separate and distinct cluster.

The target deployments are VMware Horizon servers that are vulnerable to Log4j issues that are trivial to exploit. The exploit procedure is identical to that described by the NHS in a January 2022 security bulletin, and it entails the direct execution of PowerShell commands and the activation of reverse shells via the Tomcat service.

Figure: Execution of a reverse shell utilizing the VMware Horizon NodeJS component.