• Latest
  • Trending
CISA: Log4Shell exploits still being used to hack VMware servers

CISA: Log4Shell exploits still being used to hack VMware servers

July 11, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 16 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

CISA: Log4Shell exploits still being used to hack VMware servers

by ITECHNEWS
July 11, 2022
in Infosec, Leading Stories
0 0
0
CISA: Log4Shell exploits still being used to hack VMware servers

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability.

Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

After its disclosure in December 2021, multiple threat actors began scanning for and exploiting unpatched systems, including state-backed hacking groups from China, Iran, North Korea, and Turkey, as well as several access brokers commonly used by ransomware gangs.

Today, in a joint advisory with the US Coast Guard Cyber Command (CGCYBER), the cybersecurity agency said that servers have been compromised using Log4Shell exploits to gain initial access into targeted organizations’ networks.

After breaching the networks, they deployed various malware strains providing them with the remote access needed to deploy additional payloads and exfiltrate hundreds of gigabytes of sensitive information.

“As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2),” the advisory revealed.

“In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data.”

Unpatched VMware systems should be considered compromised

Organizations that haven’t yet patched their VMware servers are advised to tag them as hacked and start incident response (IR) procedures.

The steps required for proper response in such a situation include the immediate isolation of potentially affected systems, collection and review of relevant logs and artifacts, hiring third-party IR experts (if needed), and reporting the incident to CISA.

“CISA and CGCYBER recommend all organizations with affected systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities using the IOCs provided in this CSA, Malware Analysis Report (MAR)-10382580-1, and MAR-10382254-1,” the two agencies said.

“If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA and report key findings to CISA.”

Today’s advisory comes after VMware has also urged customers in January to secure Internet-exposed VMware Horizon servers against ongoing Log4Shell attacks.

Since the start of the year, VMware Horizon servers have been targeted by Chinese-speaking threat actors to deploy Night Sky ransomware, the Lazarus North Korean APT to deploy information stealers, and the TunnelVision Iranian-aligned hacking group to deploy backdoors.

Until you can install patched builds by updating all affected VMware Horizon and UAG servers to the latest versions, you can reduce the attack surface “by hosting essential services on a segregated demilitarized (DMZ) zone,” deploying web application firewalls (WAFs), and “ensuring strict network perimeter access controls.”

Source: Sergiu Gatlan
Via: bleepingcomputer
Tags: CISA: Log4Shell exploits still being used to hack VMware servers
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version