Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities that were patched in December 2021. We're sharing our observed activities and indicators of compromise (IOCs) related to this activity.

Things that the experts recommend looking for:

- Evidence of ws_TomcatService.exe spawning abnormal processes.
- Any powershell.exe processes containing 'VMBlastSG' in the command line.
- File modifications to '…\VMware\VMware View\Server\appblastgateway\lib\absg-worker.js' (this file is generally overwritten during upgrades, and not modified).

To perform all these things, the threat actors establish persistent and stable communication with the command and control (C2) server, as it's one of the key factors. Here, the presence of the Apache Tomcat service in VMware Horizon gives the threat actors an advantage, since this service is also vulnerable to Log4Shell.
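The three recommended checks, written as detection logic over process-creation and file-modification events. This is an added example, not code from the original article; the event field names, the constructed sample events, and the set of child processes treated as abnormal are assumptions to tune against your own baseline.

```python
import ntpath

# Assumption: which children of ws_TomcatService.exe count as "abnormal".
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe"}
# The article elides the install prefix, so match on the path suffix only.
ABSG_SUFFIX = r"\vmware\vmware view\server\appblastgateway\lib\absg-worker.js"


def _base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def match_horizon_iocs(event):
    """Return the names of the checks that fire for one event dict."""
    hits = []
    if event.get("type") == "process_create":
        image = _base(event.get("image"))
        parent = _base(event.get("parent_image"))
        cmd = (event.get("command_line") or "").lower()
        if parent == "ws_tomcatservice.exe" and image in SUSPICIOUS_CHILDREN:
            hits.append("tomcat_abnormal_child")
        if image == "powershell.exe" and "vmblastsg" in cmd:
            hits.append("powershell_vmblastsg")
    elif event.get("type") == "file_modify":
        if (event.get("path") or "").lower().endswith(ABSG_SUFFIX):
            hits.append("absg_worker_modified")
    return hits


def scan(events):
    """Return (index, hits) for every event that matches at least one check."""
    return [(i, hits) for i, e in enumerate(events) if (hits := match_horizon_iocs(e))]


# Constructed sample events (hypothetical schema, not real telemetry).
HORIZON = r"C:\Program Files\VMware\VMware View\Server"
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": HORIZON + r"\bin\ws_TomcatService.exe", "command_line": "cmd.exe /c ver"},
    {"type": "process_create", "image": r"C:\Windows\System32\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": 'powershell.exe -Command "Get-Service VMBlastSG"'},
    {"type": "file_modify", "path": HORIZON + r"\appblastgateway\lib\absg-worker.js"},
    {"type": "process_create", "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe", "command_line": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(idx, hits)
```

Because absg-worker.js is normally replaced only during upgrades, a hit on that check outside a maintenance window deserves the same priority as the process-based hits.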