H-ISAC TLP: White Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems June 23, 2022

Health-ISAC is distributing the following threat bulletin regarding the Joint Cybersecurity Advisory (CSA) (AA22-174A) released by the Cybersecurity and Infrastructure Security Agency and the United States Coast Guard Cyber Command (CGCYBER) on June 23, 2022. The advisory was released to bring attention to the ongoing exploitation of the Log4Shell vulnerability, identified as CVE-2021-44228, in VMware Horizon and Unified Access Gateway (UAG) servers to gain initial access to organizations that did not apply available patches or workarounds.

According to cybersecurity researchers, several threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and UAG servers since December 2021. Post-exploitation activity has been observed, including the deployment of loader malware with embedded executables on compromised systems to enable remote command and control (C2).

View the detailed report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272