[MART] - Daily Diary #514 - Lazarus group exploiting Log4Shell in VMware Horizon

CTAS-MAT ctas-mat at appgate.com
Thu May 19 21:25:10 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

05/19/2022 - Diary entry #514

Covered in our Daily Diaries #193, #247, #387 and #505, Lazarus is an infamous Advanced Persistent Threat (APT) group believed to be sponsored by North Korea. This month, new Lazarus campaigns were disclosed that abuse the Log4Shell vulnerability to infect VMware Horizon.

Tracked under CVE-2021-44228, Log4Shell has already been covered in many of our Daily Diaries, most recently in Daily Diary #489, which covered one of its variants affecting the Java Spring framework. Several other Java applications rely on Log4j to handle their logs and, if outdated, can be vulnerable to exploitation. In the reported incidents, Lazarus abused vulnerable VMware Horizon servers to deploy spyware and rootkits into the network. Other incidents involving outdated VMware Horizon have been disclosed since January this year.

Even though Log4Shell was disclosed last year, this incident reveals how hard it is going to be to mitigate such vulnerabilities. Many companies may be running legacy Java applications that are vulnerable to exploitation without even knowing it. We highly recommend that any company running Java applications, even third-party ones, perform vulnerability-finding assessments and regular penetration testing to ensure that at least the most common vulnerabilities are mitigated.


Kind Regards,



Felipe Duarte Domingues
Manager, MART
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
