Written by AJ Vicens
Jan 11, 2022 | CYBERSCOOP
A China-based ransomware operator has been exploiting a vulnerability in Log4j software to attack internet-facing systems running a popular virtualization service, Microsoft analysts reported Monday.
The findings point toward attacks on VMWare Horizon, an application that allows remote users access to virtual computers and servers. Successful attacks have led to the deployment of ransomware via a hacking campaign that calls itself Night Sky. The group behind this effort has previously deployed other ransomware strains, including LockFile, AtomSilo, and Rook, the Microsoft researchers reported.
This new campaign, which dates back to Jan. 4 — even though the VMWare Horizon exploitation at the hands of the Log4j vulnerability was spotted toward the end of December — relies in part on spoofed domains made to look as though they’re associated with known technology firms such as TrendMicro, Sophos, Nvidia, and Rogers. VMware issued guidance on remediation on Dec. 14, less than a week after the Java-based vulnerability in the widely used open-source logging software became public.
The Microsoft findings came on the same day the U.S. government’s top cybersecurity officials told reporters that, although they were unaware of any major intrusions using the Log4j