Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor

Ravie Lakshmanan

The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. Ransomware actors are exploiting the well-known Log4Shell vulnerability to take over systems running VMware Horizon. Researchers at Trend Micro observed active attacks in the wild that prey on the logging vulnerability to conduct ransomware attacks.

The attack is very likely initiated via a Log4Shell payload similar to `$|Set-Content $path Restart-Service -Force VMBlastSG"`. The payload retrieves the list of service path names stored in $path and, for each, replaces any instances of "()\ " with the code block stored in $expr described above, thereby injecting the web shell.

The altered 'absg-worker.js' file then contains:

The 'VMBlastSG' service is then forcibly restarted to initiate the listener. Once established, the listener will execute arbitrary commands received in crafted web (HTTP / HTTPS) requests if a particular hardcoded string (key) is present in the URI of the request. The commands are stored as a header object (named 'data') in the crafted requests. This process is used to establish persistent communication with a command and control server that could then be used to carry out other malicious activities such as deploying additional malicious software, data exfiltration, or deployment of ransomware.

This article explains how to protect the Virtual Desktop Infrastructure (VDI) in a VMware environment with the use of VMware Horizon View and GravityZone.