[MART] - Daily Diary #537 - APT groups still actively exploiting Log4Shell

CTAS-MAT ctas-mat at appgate.com
Thu Jun 23 21:47:29 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

06/23/2022 - Diary entry #537:

Covered in our Daily Diary #414, Log4Shell (CVE-2021-44228) is one of the most important vulnerabilities disclosed this year. Affecting millions of services, it allows an attacker to execute code in unpatched servers running old versions of Log4J logging library.

In our Daily Diary #514, we covered Lazarus group exploiting Log4Shell to infect VMWare Horizon servers. This week CISA and the United States Coast Guard Cyber Command (CGCYBER) released a joint advisory warning organizations that state-sponsored APT actors are still abusing Log4Shell to invade VMware Horizon and Unified Access Gateway (UAG) servers.

The join advisory describes in detail two real attack scenarios that leveraged Log4shell to gain initial access to organizations' networks. After the breach, other malware samples were used to move laterally through the network and compromise other computers.

This incident raises a red flag, as even after a year Log4Shell is still very active and used in multiple attacks scenarios. Every company running Java-based systems must investigate their codes and dependencies for vulnerable entry points, conduct regular pentest and segment their networks, avoiding exposing to the internet any system that doesn't require and creating isolation perimeters, limiting the damage of potential cybersecurity incidents.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Duarte Domingues

Manager, MART

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220623/ae4523b0/attachment.htm>

More information about the MART mailing list