Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server.

The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022.

"Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," CISA noted.

Log4Shell, aka CVE-2021-44228, is a critical remote code execution flaw in the widely-used Apache Log4j Java-based logging library. It was addressed by the open source project maintainers in December 2021.

The latest development marks the continued abuse of the Log4j vulnerabilities in VMware Horizon servers by Iranian state-sponsored groups since the start of the year. CISA, in September 2022, pointed fingers at Iran's Islamic Revolutionary Guard Corps (IRGC) for leveraging the shortcoming to carry out post-exploitation activities. However, a joint advisory released by Australia, Canada, the U.K., and the U.S. did not attribute the event to a particular hacking group.

The affected organization, per CISA, is believed to have been breached as early as February 2022 by weaponizing the vulnerability to add a new exclusion rule to Windows Defender that allowlisted the entire C:\ drive. Doing so made it possible for the adversary to download a PowerShell script without triggering any antivirus scans, which, in turn, retrieved the XMRig cryptocurrency mining software hosted on a remote server in the form of a ZIP archive file.

The initial access further enabled the actors to fetch more payloads such as PsExec, Mimikatz, and Ngrok, in addition to using RDP for lateral movement and disabling Windows Defender on the endpoints.
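The whole-drive Defender exclusion and the disabled endpoint protection described above are both visible in local Defender state. The following audit script is an added example, not part of the article or the CISA advisory; it assumes the built-in Defender cmdlets (Get-MpPreference, Get-WinEvent) are available and that it runs with local administrator rights.

```powershell
# Added example: audit a host for a path exclusion that covers an entire drive
# root (as in the C:\ allowlisting in the incident) and for real-time
# protection being switched off. Assumes the built-in Defender module.

function Test-DriveRootExclusion {
    param([string]$Path)
    # Treat "C:", "C:\", "C:\*" and "C:\**" alike: all exclude the whole drive.
    $trimmed = $Path.Trim().TrimEnd('*').TrimEnd('\')
    return ($trimmed -match '^[A-Za-z]:$')
}

function Get-DefenderExclusionFindings {
    $pref = Get-MpPreference
    $findings = @()

    foreach ($p in @($pref.ExclusionPath)) {
        if ([string]::IsNullOrWhiteSpace($p)) { continue }
        if (Test-DriveRootExclusion -Path $p) {
            $findings += [pscustomobject]@{
                Check  = 'WholeDriveExclusion'
                Detail = "Exclusion path '$p' covers an entire drive; nothing on it is scanned"
            }
        }
    }
    if ($pref.DisableRealtimeMonitoring) {
        $findings += [pscustomobject]@{
            Check  = 'RealtimeProtectionDisabled'
            Detail = 'DisableRealtimeMonitoring is set; on-access scanning is off'
        }
    }
    return $findings
}

# Defender logs configuration changes as event ID 5007 in its Operational log;
# entries mentioning Exclusions date when an exclusion was added or removed.
function Get-RecentDefenderConfigChanges {
    param([int]$Days = 30)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions' } |
        Select-Object TimeCreated, Message
}

$findings = Get-DefenderExclusionFindings
if ($findings) { $findings | Format-Table -AutoSize } else { 'No whole-drive exclusions found' }
Get-RecentDefenderConfigChanges -Days 30 | Format-List
```

Run it across the Horizon server and any host reachable from it; a 5007 event timestamp near the first suspicious exclusion gives a starting point for the intrusion timeline.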