If your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability (CVE-2021-44228) in December 2021, you should treat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency (CISA) advised on Thursday.

The agency accompanied the warning with detailed technical information and indicators of compromise related to two separate incident response engagements it and the United States Coast Guard Cyber Command (CGCYBER) have conducted in the past months.

Since the public revelation of its existence and first detections of active exploitation in December 2021, attackers have been exploiting Log4Shell in a variety of the many vulnerable IT solutions.

According to CISA, cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit Log4Shell in unpatched, internet-facing VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations.

“As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data,” CISA noted, and detailed both engagements – one of which ended up with them discovering that the victim organization was compromised by multiple threat actor groups.