An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States. Researchers said on Thursday that hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware. Security analysts at SentinelLabs who have been tracking the activity chose the name TunnelVision due to the group's heavy reliance on tunneling tools, which help them hide their activities from detection solutions. Security firm SentinelOne has dubbed the group TunnelVision.

The US National Security Agency (NSA) is warning organizations to patch or take mitigation steps to close a vulnerability in several VMware products that Russian state-sponsored hackers are.

The target deployments are VMware Horizon servers vulnerable to the easy-to-exploit Log4j flaws.

Execution of a reverse shell utilizing VMware Horizon NodeJS component.

While TunnelVision has some similarities and overlaps with other Iranian hacking groups, SentinelLabs attributes the activity to a separate and distinct cluster. The exploit procedure is identical to that described by the NHS in a January 2022 security bulletin, and it entails the direct execution of PowerShell commands and the activation of reverse shells via the Tomcat service.

Log4j Vulnerability Exploited by Lazarus Hackers for Cyber Espionage.

"TunnelVision activities have been discussed previously and are tracked by other vendors under a variety of names, such as Phosphorus and, confusingly, either Charming Kitten or Nemesis Kitten," explains the SentinelLabs report.

CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG.