Organizations with public-facing VMware Horizon and Unified Access Gateway (UAG) servers without applied Log4Shell mitigations have been under a barrage of attacks from a range of attackers, including state-sponsored advanced persistent threat (APT) actors.
In fact, a new Cybersecurity and Infrastructure Security Agency (CISA) alert tells organizations running servers without Log4Shell updates to simply assume they have been compromised and proceed with threat hunting and incident response. CISA added that in one instance, APT attackers were able to breach a disaster recovery network, move laterally, and steal sensitive data.
“If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA and report key findings to CISA,” the warning, issued together with the US Coast Guard Cyber Command (CGCYBER), said.
CISA also provides a list of indicators of compromise (IOCs) and extensive technical details for threat hunters.