CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems

07/18/2022 12:07 PM EDT

Original release date: July 18, 2022

CISA has updated the joint CISA-United States Coast Guard Cyber Command (CGCYBER) Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report (MAR)-10382580-2.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and Unified Access Gateway (UAG) systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See the joint advisory for more information and additional recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

06/23/2022 02:00 PM EDT

Original release date: June 23, 2022

CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches. The CSA provides information—including tactics, techniques, and procedures and indicators of compromise—derived from two related incident response engagements and malware analysis of samples discovered on the victims’ networks.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See joint CSA Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems for more information and additional recommendations.
 

This product is provided subject to this Notification and this Privacy & Use policy.