US: Iranian Hackers Breached Government with Log4Shell

November 17, 2022

The US authorities have urged all agencies to patch VMware systems after revealing that Iranian state-backed actors exploited the Log4Shell bug to compromise a government organization.

The alert from the Cybersecurity and Infrastructure Security Agency (CISA) said the unnamed Federal Civilian Executive Branch (FCEB) organization was compromised as long ago as February 2022.

An incident response engagement beginning in mid-June uncovered the compromise, which used the infamous Log4j bug for initial access.

“In the course of incident response actions, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto-mining software, moved laterally to the domain controller (DC), compromised credentials and then implanted Ngrok reverse proxies on several hosts to maintain persistence,” CISA stated.

“CISA and FBI encourage all organizations with affected VMware systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities.”

If agencies detect initial access or compromise, they should also assume lateral movement, investigate any connected systems and audit privileged accounts, the alert continued.

Back in September, CISA and US allies warned that Iranian threat actors were exploiting Log4Shell on VMware Horizon systems in widespread ransomware campaigns linked to the Islamic Revolutionary Guard Corps (IRGC).

VMware urged customers back in January to patch any internet-facing Horizon servers.

Given the deployment of crypto-mining malware on the US government organization, it is unclear whether the threat actors’ primary intention was to generate revenue or support wider cyber-espionage aims.

Log4Shell continues to cause organizations problems, thanks to the ubiquity of the Log4j utility.

When it was first discovered in December 2021, authorities warned that it might still be used in attacks years from now.


Some sections of this post are sourced from:
www.infosecurity-magazine.com
