• Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion
Tuesday, 24 June, 2025
  • Login
Top Radio 103.1 FM
 
  • Home
  • News
  • Politics
  • Business
  • Entertainment
  • Health
  • Lifestyle
  • Sports
  • Education
  • Technology
  • Foreign
No Result
View All Result
Top Radio 103.1 FM
No Result
View All Result
Home Technology

VMware Horizon servers are under active exploit by hackers

TOPFM NEWS by TOPFM NEWS
February 18, 2022
in Technology
A A
0
VMware Horizon servers are under active exploit by hackers
0
SHARES
11
VIEWS
Share on FacebookShare on Twitter

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.

Security firm SentinelOne has dubbed the group TunnelVision. The name is meant to emphasize TunnelVision’s heavy reliance on tunneling tools and the unique way it deploys them. In the past, TunnelVision has exploited so-called 1-day vulnerabilities—meaning vulnerabilities that have been recently patched—to hack organizations that have yet to install the fix. Vulnerabilities in Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange (ProxyShell) are two of the group’s better-known targets.

Enter Log4Shell

Recently, SentinelOne reported, TunnelVision has started exploiting a critical vulnerability in Log4j, an open source logging utility that’s integrated into thousands of apps. CVE-2021-44228 (or Log4Shell, as the vulnerability is tracked or nicknamed) allows attackers to easily gain remote control over computers running apps in the Java programming language. The bug bit the Internet’s biggest players and was widely targeted in the wild after it became known.

The SentinelOne research shows that the targeting continues and that this time the target is organizations running VMware Horizon, a desktop and app virtualization product that runs on Windows, macOS, and Linux.

“TunnelVision attackers have been actively exploiting the vulnerability to run malicious PowerShell commands, deploy backdoors, create backdoor users, harvest credentials, and perform lateral movement,” company researchers Amitai Ben Shushan Ehrlich and Yair Rigevsky wrote in a post. “Typically, the threat actor initially exploits the Log4j vulnerability to run PowerShell commands directly, and then runs further commands by means of PS reverse shells, executed via the Tomcat process.”

Apache Tomcat is an open source Web server that VMware and other enterprise software use to deploy and serve Java-based Web apps. Once installed, a shell allows the hackers to remotely execute commands of their choice on exploited networks. The PowerShell used here appears to be a variant of this publicly available one. Once it’s installed, TunnelVision members use it to:

Execute reconnaissance commands 

Create a backdoor user and adding it to the network administrators group 

Harvest credentials using ProcDump, SAM hive dumps, and comsvcs MiniDump 

Download and run tunneling tools, including Plink and Ngrok, which are used to tunnel remote desktop protocol traffic 

The hackers use multiple legitimate services to achieve and obscure their activities. Those services include:

transfer.sh 

pastebin.com 

webhook.site 

ufile.io 

raw.githubusercontent.com 

People who are trying to determine if their organization is affected should look for unexplained outgoing connections to these legitimate public services.

Tunnels, minerals, and kittens

Thursday’s report said that TunnelVision overlaps with several threat groups exposed by other researchers over the years. Microsoft has dubbed one group Phosphorous. The group, Microsoft has reported, has tried to hack a US presidential campaign and to install ransomware in an attempt to generate revenue or disrupt adversaries. The federal government has also said Iranian hackers had been targetting critical infrastructure in the US with ransomware.

SentinelOne said that TunnelVision also overlaps with two threat groups security firm CrowdStrike tracks as Charming Kitten and Nemesis Kitten.

“We track this cluster separately under the name ‘TunnelVision,’” the SentinelOne researchers wrote. “This does not imply we believe they are necessarily unrelated, only that there is at present insufficient data to treat them as identical to any of the aforementioned attributions.”

The post provides a list of indicators that admins can use to determine if they’ve been compromised.

Related Posts

Toyota global production down for 10th month despite rising sales

Toyota global production down for 10th month despite rising sales

December 26, 2024 - Updated on December 28, 2024
58
Ghana leads four other African countries to sign SATA declaration on data and digital identity interoperability

Ghana leads four other African countries to sign SATA declaration on data and digital identity interoperability

April 27, 2023
7
Source: arstechnica
Tags: VMware Horizon servers active exploit by Iranian state hackers
Previous Post

Germany’s BioNTech plans modular vaccine factories in Africa

Next Post

Tesla changes S.Korea ads after antitrust probe faulted batteries

Related Posts

Toyota global production down for 10th month despite rising sales
News

Toyota global production down for 10th month despite rising sales

December 26, 2024 - Updated on December 28, 2024
58
Ghana leads four other African countries to sign SATA declaration on data and digital identity interoperability
Technology

Ghana leads four other African countries to sign SATA declaration on data and digital identity interoperability

April 27, 2023
7
TikTok launches an elections hub in Kenya ahead of General Elections
Technology

TikTok launches an elections hub in Kenya ahead of General Elections

July 15, 2022
15
Facebook to allow up to five profiles tied to one account
Technology

Facebook to allow up to five profiles tied to one account

July 15, 2022
15
Microsoft releases tweet-size exploit for macOS sandbox escape bug
Technology

Microsoft releases tweet-size exploit for macOS sandbox escape bug

July 14, 2022
14
Final Android 13 beta arrives ahead of its official launch ‘in the weeks ahead’
Technology

Final Android 13 beta arrives ahead of its official launch ‘in the weeks ahead’

July 14, 2022
9
Next Post
Tesla changes S.Korea ads after antitrust probe faulted batteries

Tesla changes S.Korea ads after antitrust probe faulted batteries

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

BROWSE BY CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

BROWSE BY TOPICS

2022 Budget AFCON Afghanistan akufo addo Amazon Apiate explosion apple AT&T Ato Forson Black Stars covid COVID-19 COVID 19 E-Levy facebook GFA Ghana Police Service Google Government GRA health Intel iphone LGBTQ Mahama Majority Microsoft Minority momo NDC NPP Nvidia OMICRON Parliament police Russia security Taliban tech Tesla US UTAG vaccine vaccines Xinjiang

Recent Posts

  • Don’t Force Ghanaian Musicians To Do Highlife – Maya Blu Tells Ghana Music Critics
  • Black Star Experience Begins In July
  • Amaarae: Ghana’s Global Star To Release Third Album Titled “Black Star”
  • Beeztrap KOTM Announces The Release Of New Album Titled “Power”
  • Church Of Pentecost Commission 35 Bed AI Powered Hospital In Bolgatanga (Photos)

Recent Comments

No comments to show.

RECENT NEWS

  • Don’t Force Ghanaian Musicians To Do Highlife – Maya Blu Tells Ghana Music Critics June 23, 2025
  • Black Star Experience Begins In July June 23, 2025
  • Amaarae: Ghana’s Global Star To Release Third Album Titled “Black Star” June 21, 2025
  • Beeztrap KOTM Announces The Release Of New Album Titled “Power” June 21, 2025

MAIN CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

Entertainment

Church Of Pentecost Commission 35 Bed AI Powered Hospital In Bolgatanga (Photos)
Health

Church Of Pentecost Commission 35 Bed AI Powered Hospital In Bolgatanga (Photos)

5 days ago
5
  • ABOUT US
  • CONTACT
  • ADVERTISE

© 2025 Top Media Group - Powered by BackUP Data Systems

No Result
View All Result
  • Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion

© 2025 Top Media Group - Powered by BackUP Data Systems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In