• Latest
  • Trending
Lazarus hackers target VMware servers with Log4Shell exploits

Lazarus hackers target VMware servers with Log4Shell exploits

May 20, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Lazarus hackers target VMware servers with Log4Shell exploits

by ITECHNEWS
May 20, 2022
in Infosec, Leading Stories
0 0
0
Lazarus hackers target VMware servers with Log4Shell exploits

The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers.

The vulnerability is tracked as CVE-2021-44228, aka Log4Shell, and impacts many products, including VMware Horizon.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

The exploitation of vulnerable Horizon deployments started in January 2022, but many admins are yet to apply the available security updates.

According to a report published by analysts at Ahnlab’s ASEC, Lazarus has been targeting vulnerable VMware products via Log4Shell since April 2022.

Targeting VMware Horizon servers

To start the attack, the threat actors exploit the Log4j vulnerability through Vmware Horizon’s Apache Tomcat service to execute a PowerShell command. This PowerShell command will ultimately lead to installing the NukeSped backdoor on the server.

Log for NukeSped installation
Log for NukeSped installation (ASEC)

NukeSped (or NukeSpeed) is a backdoor malware first associated with DPRK hackers in the summer of 2018 and then linked to a 2020 campaign orchestrated by Lazarus.

The latest variant sampled and analyzed by ASEC is written in C++ and uses RC4 encryption for communicating securely with the C2 infrastructure. Previously, it used XOR.

NukeSped performs various espionage operations in the compromised environment, such as taking screenshots, recording key presses, accessing files, etc. Moreover, NukeSped supports command line commands.

Two new modules seen in the current NukeSped variant are one for dumping USB contents and one for accessing web camera devices.

Lazarus uses NukeSped to install an additional console-based information-stealer malware, which collects information stored on web browsers.

Info-stealer grabbing data from browsers
Info-stealer grabbing data from browsers (ASEC)

More specifically, the malware analyzed by ASEC can steal the following data:

  • Account credentials and browsing history stored in Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Naver Whale.
  • Email account information stored in Outlook Express, MS Office Outlook, and Windows Live Mail.
  • Names of recently used files from MS Office (PowerPoint, Excel, and Word) and Hancom 2010.

In some attacks, Lazarus was observed deploying Jin Miner instead of NukeSped by leveraging Log4Shell.

Since Jin Miner is a cryptocurrency miner, Lazarus probably used it on less critical systems targeted for monetary gains instead of cyber-espionage.

Log4Shell remains largely unresolved

Since the start of the year, Lazarus was spotted using LoLBins in Windows-targeting campaigns and malicious cryptocurrency apps to compromise Windows and macOS computers.

The Log4Shell exploitation comes on top of these to underline the variety of tactics used by the hacking group and to underline that the critical RCE flaw remains a significant security problem.

In March, most exploitation attempts were carried out by botnets, so many assumed that the targeting focused on poorly attended systems of lesser importance.

In April, security analysts reminded the public that the Log4Shell attack surface remains huge and will persist for a long time due to practical challenges.

The exploitation attempts of sophisticated threat actors are too few to register in statistics, but this shouldn’t create the illusion that Log4Shell has faded into insignificance.

Source: Bill Toulas
Via: bleepingcomputer
Tags: Lazarus hackers target VMware servers with Log4Shell exploits
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version