Cybercriminals have continued to exploit vulnerable VMWare Horizon and United Access Gateway servers that did not apply patches or workarounds for Log4j (CVE-2021-44228).
This includes suspected state-sponsored APT groups as well as ransomware operators. Yesterday’s 0-day is today’s compromise.
(See VMware security advisory: https://www.vmware.com/security/advisories/VMSA-2021-0028.html)
CISA recommends all organizations with affected systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities using the IOCs provided in this CSA (https://www.cisa.gov/uscert/ncas/alerts/aa22-174a).
This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.