Author: Kaustubh Jagtap, Product Marketing Director, SafeBreach

On June 23rd, the Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) issued a joint advisory highlighting the ongoing exploitation of CVE-2021-44228 (Log4Shell) by several threat actors, including state-sponsored Advanced Persistent Threat (APT) groups. These actors are exploiting CVE-2021-44228 on VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds. Additional details about this group and its associated tactics, techniques, and procedures (TTPs) are available in US-CERT Alert (AA22-174A) Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems.

Additional Details of the CISA/CGCYBER Investigation

According to the information released, multiple threat actors have continued to exploit Log4Shell on unpatched, public-facing VMware Horizon and UAG servers since December 2021. These threat actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data.