Hackers are continuing to leverage the Log4Shell vulnerability to attack VMware Horizon servers and deploy cryptocurrency mining malware and backdoors, with a large wave of such attacks from mid-January still ongoing, according to cybersecurity firm Sophos.

In a new report, Sophos says the attempts to leverage Horizon continued and grew in number throughout January and were frequently associated with attempts to deploy crypto miners, but others appeared to be associated with initial access brokers or ransomware gangs.

Log4Shell is a critical vulnerability that exists in Log4j, a popular Java logger that uses the Lightweight Directory Access Protocol (LDAP) resource. However, attackers can use that resource to retrieve a malicious Java class file that modifies existing legitimate Java code, adding a web shell that provides remote access and code execution to the attackers.

Those attacks were observed since the beginning of January, Sophos says in the report, published Tuesday. A large wave of attacks began on Jan. 14, some of which used Cobalt Strike to stage and execute the cryptominer payloads. However, the largest wave of Log4Shell exploits aimed at Horizon detected by Sophos began Jan. 19, and this wave did not rely on Cobalt Strike.

According to Sophos, earlier attacks had a typical process trace that shows them starting from the Tomcat service executable and ending with the execution of the PowerShell script, which executes a standard Cobalt Strike reverse shell. Instead, the crypto miner installer script is directly executed from the Apache Tomcat component of the Horizon server, the report says.
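The process trace Sophos describes (Tomcat service executable at the root, a shell or PowerShell at the leaf) is something a defender can hunt for in process-creation telemetry. The following is an added detection example, not code from the Sophos report: it walks the parent chain of every interpreter process and flags any that descends from the Horizon Tomcat service. The event tuple layout, the sample events and the miner script name are constructed; the executable name `ws_TomcatService.exe` is an assumption about the Horizon Connection Server install, so adjust it to what your EDR actually records.

```python
"""Flag shell/script interpreters spawned (directly or indirectly) by the
VMware Horizon Tomcat service. Added example; event format is constructed."""

# Assumed image name of the Horizon Tomcat service (compared case-insensitively).
TOMCAT_IMAGE = "ws_tomcatservice.exe"

# Interpreters whose presence under Tomcat matches the traces described above.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Constructed sample process-creation events: (pid, ppid, image_path, command_line)
SAMPLE_EVENTS = [
    (100, 1, r"C:\Windows\System32\services.exe", "services.exe"),
    (200, 100, r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
     "ws_TomcatService.exe"),
    # Earlier wave: Tomcat -> cmd -> PowerShell script (Cobalt Strike stager).
    (300, 200, r"C:\Windows\System32\cmd.exe", "cmd.exe /c powershell -w hidden -f stage.ps1"),
    (400, 300, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell -w hidden -f stage.ps1"),
    # Later wave: miner installer script run directly from Tomcat (constructed name).
    (500, 200, r"C:\Windows\System32\cmd.exe", r"cmd /c C:\Users\Public\miner_install.bat"),
    # Benign: PowerShell launched from an interactive session, not under Tomcat.
    (600, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    (700, 600, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell Get-Date"),
]


def _basename(image_path):
    return image_path.rsplit("\\", 1)[-1].lower()


def find_tomcat_spawned_interpreters(events):
    """Return one hit per interpreter process whose ancestry includes Tomcat."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    hits = []
    for pid, (ppid, image, cmd) in by_pid.items():
        if _basename(image) not in INTERPRETERS:
            continue
        chain, cur, seen = [_basename(image)], ppid, set()
        while cur in by_pid and cur not in seen:   # walk up; guard pid reuse loops
            seen.add(cur)
            parent_ppid, parent_image, _ = by_pid[cur]
            chain.append(_basename(parent_image))
            if chain[-1] == TOMCAT_IMAGE:
                hits.append({"pid": pid, "chain": " <- ".join(chain), "cmd": cmd})
                break
            cur = parent_ppid
    return hits


if __name__ == "__main__":
    for hit in find_tomcat_spawned_interpreters(SAMPLE_EVENTS):
        print(f"pid {hit['pid']}: {hit['chain']} :: {hit['cmd']}")
```

Both the chained (pid 400) and the direct (pid 500) cases are reported, while the interactive PowerShell under explorer.exe is not.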