• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

A Chinese Ransomware Operator Is Leveraging Log4j Bugs, VMWare Horizon

Ransomware operation leveraging Log4j bugs began attacking internet-facing systems running VMWare Horizon earlier this month, Microsoft says.

January 11, 2022 Zachary Comeau Leave a Comment

Log4j, Log4Shell, GreyNoise
stock.adobe.com/Andreas Prott

The IT and cybersecurity community sounded the alarm last month when researchers discovered vulnerabilities in Log4j, the ubiquitous java logger used by a wide range of tech products.

The tool has been patched and vendors are quickly deploying its own patches for products that use the tool, but the situation is not getting much better as threat actors are leveraging the flaws to attack internet-facing systems and deploy ransomware, Microsoft warns in a new update.

The IT vendor says it began observing earlier this month attacks exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMWare Horizon, which is one of many VMWare products that was impacted by the Log4j bugs.

For information of which components of Horizon are vulnerable, view VMWare’s advisory.

Microsoft attributes the attacks to a China-based ransomware operator that deploys the NightSky ransomware to encrypt victim systems. That entity, which Microsoft tracks as Dev-0401, has previously deployed multiple ransomware families, including LockFile, AtomSilo, and Rook.

The threat actor has also exploited other internet-facing systems running Confluence and on-premises Exchange servers, leveraging a 2021 remote code execution vulnerability for each.

According to Microsoft, the attackers are using command and control severs that spoof legitimate domains of IT vendors, including: service[.]trendmrcio[.]com, api[.]rogerscorp[.]org, api[.]sophosantivirus[.]ga, apicon[.]nvidialab[.]us, w2zmii7kjb81pfj0ped16kg8szyvmk.burpcollaborator[.]net, and 139[.]180[.]217[.]203.

The update comes a week after the Microsoft warned organizations to remain vigilant as exploitation attempts remain high in January. The company says sophisticated threat actors like nation-states and other groups are rolling the Log4j exploits into their attack tools.

Nation state groups from China, Iran North Korea and Turkey are using the vulnerabilities to conduct a range of attacks, including ransomware and attacking virtualization infrastructure to extend their typical targeting.

Other groups are using the vulnerability to gain initial access to target networks and then sell that access to ransomware-as-a-service affiliates, Microsoft says.

Microsoft has rolled out updates to Microsoft 365 Defender to help admins identify vulnerable instances of Log4j and provide a consolidated view of the organization’s exposure.

Multiple other organizations have released similar tools that are free to use.

 

Tagged With: Log4j, Microsoft, ransomware, VMWare

Related Content:

  • IT news, This Week in it, Microsoft 365, Hive ransomware, iOS 16.3, AltspaceVR, RMM software This Week in IT: Microsoft Outage, VR, Cyberattacks,…
  • Cloud Security, Varonis Varonis Launches Automated Posture Management
  • Atera, OpenAI Atera Launches OpenAI Integration for IT Script Generating
  • Cisco New York office, hybrid workplace, hybrid meeting Take This Short Survey on Collaboration Technology

Free downloadable guide you may like:

  • Harnessing the Power of Digital SignageHarnessing the Power of Digital Signage

    Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.