CISA has released a new report outlining attacks that still use the Log4Shell vulnerability (CVE-2021-44228) to target VMware Horizon and Unified Access Gateway (UAG) servers. Attackers can remotely exploit Log4Shell on vulnerable servers that are reachable from the local network or the Internet, then move laterally across networks until they gain access to internal systems containing sensitive data. The report describes attacks in which APT actors remotely accessed unpatched versions of VMware and implanted loader malware on compromised systems, with embedded executables enabling remote Command and Control (C2). In one of the confirmed attacks, threat actors were seen moving laterally around the network and stealing sensitive files.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is