APT Groups Swarming on VMware Servers with Log4Shell

CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.

Dark Reading Staff

June 24, 2022


Organizations with public-facing VMware Horizon and Unified Access Gateway (UAG) servers without appropriate Log4Shell mitigations have been under a barrage of attacks from a range of attackers, including state-sponsored advanced persistent threat (APT) actors.

In fact, a new Cybersecurity and Infrastructure Security Agency (CISA) alert tells organizations running servers without Log4Shell updates to just assume they've been compromised and proceed with threat hunting and incident response. CISA added that in one instance, APT attackers were able to breach a disaster recovery network, move laterally, and steal sensitive data.

"If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA and report key findings to CISA," the warning, issued along with the US Coast Guard Cyber Command (CGCYBER), said.

CISA also provides a list of indicators of compromise (IOCs) and extensive technical details for threat hunters.
