ONUS Falls Victim: ONUS, a crypto trading platform, suffered a cyberattack on its payment system, which was running a vulnerable Log4j version. Threat actors put roughly 2 million ONUS customers’ data up for sale on dark forums after the firm refused to pay the ransom of $5 million. According to researchers, ONUS’s Cyclos server was exploited by threat actors between December 11th and 13th, and backdoors were planted to allow sustained access.

US Federal Trade Commission Warning: On January 05, 2022, the US Federal Trade Commission warned that it will take action against any US company not protecting its customers’ information from ongoing Log4j attacks. After noticing state-sponsored and cyber-criminal attackers probing systems for the Log4Shell weakness in December, Microsoft issued a warning to Windows and Azure customers to be careful. It’s vital that firms and their vendors who use Log4j act quickly to decrease the risk of consumer harm and prevent FTC legal action.

Night Sky Ransomware: The Night Sky ransomware gang has begun to exploit the major CVE-2021-44228 vulnerability in the Log4j logging library to get access to VMware Horizon systems. Night Sky ransomware targets organization networks and has encrypted the data of many victims and demanded $800,000 in ransom from one of them. On January 10, 2022, Microsoft issued a warning on a new campaign by a China-based attacker known as DEV-0401 that aims to exploit the Log4Shell vulnerability on publicly accessible VMware Horizon servers and install the Night Sky ransomware.

Ubiquiti Network Targeted: On February 04, 2022, Ubiquiti network appliances running the UniFi operating system were found to be attacked and taken over by threat actors using a customized public exploit for the Log4Shell vulnerability. Users are recommended to check for firmware updates for Log4Shell vulnerabilities and apply the patches.

On February 18, 2022, researchers observed that Iran-linked APT group TunnelVision was actively exploiting the Log4j vulnerability to deliver ransomware to unpatched VMware Horizon servers.

Fire Chili Malware: On April 01, 2022, the Chinese hacker group Deep Panda is deploying a new rootkit malware named Fire Chili on VMware Horizon servers using the Log4Shell exploit. Researchers uncovered several overlaps between the Deep Panda campaign and Winnti, another notorious Chinese hacker group known for using digitally signed certificates.

APT Lazarus Association: On May 23, 2022, Lazarus, a group associated with North Korea, exploits Log4j’s RCE vulnerability (CVE-2021-44228) to gain access to VMware Horizon servers. As part of the attack chain, a PowerShell command is executed on VMware Horizon’s ws_tomcatservice.exe process in order to exploit the Log4j vulnerability. This PowerShell command installs the NukeSped backdoor on the vulnerable server.