• Latest
  • All
  • How To
Attackers Are Using Log4Shell Vulnerability to Deliver Backdoors to Virtual Servers

Attackers Are Using Log4Shell Vulnerability to Deliver Backdoors to Virtual Servers

April 2, 2022
digital-tv-standards-kenya

Kenya Sets New Rules for Digital TVs Starting Next Month

June 19, 2025
Kenya's Government Censors X for Global Image

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

June 19, 2025
drones-healthcare-delivery

Rural Kenya Is Turning to Drones to Speed Up Healthcare Delivery

June 18, 2025
TikTok

TikTok Could Go Dark (Again) in the U.S. This Week

June 17, 2025
DHgate Tablet Cases deals
whatsapp meta ads

Meta Officially Brings Ads to WhatsApp

June 17, 2025
Infinix Smart 10 HD

Infinix Launches the Smart 10 Series Lineup

June 16, 2025
Infinix Hot 60 Pro+

Infinix Wants to Fit a 5,160 mAh Battery in the Slim Hot 60 Pro+ Frame

June 16, 2025
Aigov

U.S. Plans to Launch AI Hub for Government Agencies

June 16, 2025
multichoice-dstv-showmax

Multichoice Subscriber Numbers Drop by 15% As Kenyans Cut Back on Spending

June 16, 2025
Huawei-Watch

Huawei Surpasses Apple to Lead Global Wearables Market

June 12, 2025
Kenya-KICTANet-MindHYVE-ai-

Kenya Partners with US AI Firms to Co-Create National AI Policy with KICTANet

June 12, 2025
youtube-apple-ai

Creators Can Now Promote Videos Without Leaving YouTube Studio

June 12, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Attackers Are Using Log4Shell Vulnerability to Deliver Backdoors to Virtual Servers

Kenn Abuya by Kenn Abuya
April 2, 2022
in News
Reading Time: 3 mins read
256
0

Internet security firm Sophos has released findings on how attackers are using the Log4Shell vulnerability to deliver backdoors and profiling scripts to unpatched VMware Horizon servers, paving the way for persistent access and future ransomware attacks.

A new technical paper, “Horde of Miner Bots and Backdoors Leveraged Log4J to Attack VMware Horizon Servers,” details the tools and techniques used to compromise the servers and deliver three different backdoors and four cryptominers.

The backdoors are possibly delivered by Initial Access Brokers.

Log4Shell is a remote code execution vulnerability in the Java logging component, Apache Log4J, which is embedded in hundreds of software products. It was reported and patched in December 2021. 

“Widely used applications such as VMware Horizon that are exposed to the internet and need to be manually updated, are particularly vulnerable to exploitation at scale,” said Sean Gallagher, senior security researcher at Sophos. “Sophos detections reveal waves of attacks targeting Horizon servers, starting in January, and delivering a range of backdoors and cryptominers to unpatched servers, as well as scripts to collect some device information.

Sophos believes that some of the backdoors may be delivered by Initial Access Brokers looking to secure persistent remote access to a high value target that they can sell on to other attackers, such as ransomware operators.”

The multiple attack payloads Sophos detected using Log4Shell to target vulnerable Horizon servers include:

  • Two legitimate remote monitoring and management tools, Atera agent and Splashtop Streamer, likely intended for malicious use as backdoors
  • The malicious Sliver backdoor 
  • The cryptominers z0Miner, JavaX miner, Jin and Mimu
  • Several PowerShell-based reverse shells that collect device and backup information

Sophos’ analysis revealed that Sliver is sometimes delivered together with Atera and PowerShell profiling scripts and is used to deliver the Jin and Mimu variants of the XMrig Monero miner botnet. 

According to Sophos, the attackers are using several different approaches to infect targets. While some of the earlier attacks used Cobalt Strike to stage and execute the cryptominer payloads, the largest wave of attacks that began in mid-January 2022, executed the cryptominer installer script directly from the Apache Tomcat component of the VMware Horizon server. This wave of attacks is ongoing.

“Sophos’ findings suggest that multiple adversaries are implementing these attacks, so the most important protective step is to upgrade all devices and applications that include Log4J with the patched version of the software. This includes patched versions of VMware Horizon if organizations use the application in their network,” said Gallagher.

“Log4J is installed in hundreds of software products and many organizations may be unaware of the vulnerability lurking within their infrastructure, particularly in commercial, open-source or custom software that doesn’t have regular security support. And while patching is vital, it won’t be enough if attackers have already been able to install a web shell or backdoor in the network. Defense in depth and acting upon any detection of miners and other anomalous activity is critical to avoid falling victim to such attacks,” he adds.

SendShare146Tweet92
Kenn Abuya

Kenn Abuya

Kenn Abuya is a friend of technology, with bias in enterprise and mobile tech. Share your thoughts, tips and hate mail at [email protected]

Related Posts

digital-tv-standards-kenya

Kenya Sets New Rules for Digital TVs Starting Next Month

June 19, 2025
Kenya's Government Censors X for Global Image

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

June 19, 2025
drones-healthcare-delivery

Rural Kenya Is Turning to Drones to Speed Up Healthcare Delivery

June 18, 2025
TikTok

TikTok Could Go Dark (Again) in the U.S. This Week

June 17, 2025
whatsapp meta ads

Meta Officially Brings Ads to WhatsApp

June 17, 2025
Infinix Smart 10 HD

Infinix Launches the Smart 10 Series Lineup

June 16, 2025

Latest

digital-tv-standards-kenya

Kenya Sets New Rules for Digital TVs Starting Next Month

June 19, 2025
Kenya's Government Censors X for Global Image

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

June 19, 2025
drones-healthcare-delivery

Rural Kenya Is Turning to Drones to Speed Up Healthcare Delivery

June 18, 2025
TikTok

TikTok Could Go Dark (Again) in the U.S. This Week

June 17, 2025
whatsapp meta ads

Meta Officially Brings Ads to WhatsApp

June 17, 2025
Infinix Smart 10 HD

Infinix Launches the Smart 10 Series Lineup

June 16, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

Kenya Sets New Rules for Digital TVs Starting Next Month

June 19, 2025

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

June 19, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

More News

Infinix Wants to Fit a 5,160 mAh Battery in the Slim Hot 60 Pro+ Frame

U.S. Plans to Launch AI Hub for Government Agencies

Multichoice Subscriber Numbers Drop by 15% As Kenyans Cut Back on Spending

Huawei Surpasses Apple to Lead Global Wearables Market

Kenya Partners with US AI Firms to Co-Create National AI Policy with KICTANet

Creators Can Now Promote Videos Without Leaving YouTube Studio

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.