Cybersecurity experts recently discovered that the Log4Shell exploitation is happening, and the hackers are attacking the VMware Horizon servers.
Apart from that, they also uncovered that the attacks also involved the deployment of crypto miners and backdoors. The worst part is that the hackers can easily steal your personal information by using scripts in the process.
Log4Shell Exploit Continues to Hit VMware Servers
(Photo : James Harrison from Unsplash)
Cybersecurity researchers from Sophos said that the Log4shell vulnerability was exploited to infect vulnerable VMware Horizon servers.
According to a report by ZDNET, Microsoft has previously dealt with Log4Shell vulnerability. Based on its findings, it appeared that this exploit was staged by state-sponsored hackers wherein the center of the scheme is cryptocurrency mining and spreading bots and malware.
Back in December, there was a patch to combat this dangerous threat. However, several systems still remained outdated at that time.
Recently, Sophos cybersecurity analysts said that the Log4Shell attacks are thriving in the unsecured VMware Horizon servers. It infects the system through four crypto miners and three various backdoors.
As part of the culprits’ operations, the cybercriminals use a bug that will be an important component in gaining access to the affected servers. After they enter the network, they will begin installing remote monitoring software, disguising itself as surveillance tools.
During the investigation, Sophos found out that the threat actors used the Silver backdoor as an “open-source offensive security implant.”
Additionally, the cybersecurity firm discovered four miners in the incident, which were particularly described as Jin, JavaX miner, z0Miner, and Mimu, the notorious miner behind Monero.
Related Article: Log4J Attacks Top 840,000 Within Three Days; 100 A MINUTE During The Past Weekend
Log4Shell Flaw in Cryptojacking Incidents
In another report from Trend Micro, it was observed that the z0Miner operators were taking advantage of CVE-2021-26084 or the Atlassian Confluence RCE to carry out cryptojacking schemes.
“While z0Miner, JavaX, and some other payloads were downloaded directly by the web shells used for initial compromise, the Jin bots were tied to the use of Silver, and used the same wallets as Mimo — suggesting these three malware [strains] were used by the same actor,” the researchers wrote.
Furthermore, another piece of evidence hinted at the presence of the reverse shell deployment. This is used to gather some details on the device, as well as from the backup.
Per Sophos senior security researcher Sean Gallagher, many organizations might not notice the Log4J vulnerability in their infrastructure, specifically those with inadequate security protection.
He added that even though patching is important, this won’t be enough to prevent the hacker from infecting your devices through a web shell or backdoor installation.
Log4Shell Exploit Could Haunt the Internet For Years
Previously, Tech Times wrote that the Log4J flaw could exist for several months or years, according to cybersecurity experts. At that time, the analysts could not see any improvement that would hint at the end of the vulnerability.
Although the execution of this exploit is easy, its impact on the systems should not be underestimated. All it takes is a single code string for the hacker to pull off this scheme.
This article is owned by Tech Times
Written by Joseph Henry
ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.