
An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States.

The exploitation process is the same as the one the NHS detailed in a January 2022 security bulletin: direct execution of PowerShell commands and the launch of reverse shells via the Tomcat service. The targeted deployments are VMware Horizon servers vulnerable to the easy-to-exploit Log4j flaws. TunnelVision has previously targeted CVE-2018-13379 (Fortinet FortiOS) and the Microsoft Exchange ProxyShell vulnerability set, and has now turned to the Log4Shell exploit.

The ultimate goal of TunnelVision appears to be the deployment of ransomware, so the group is not focused on cyber espionage alone but on data destruction and operational disruption too. Tunneling is the process of routing data traffic in such a way that its transmission becomes obfuscated or even hidden. Security analysts at SentinelLabs who have been tracking the activity chose that name because of the group's heavy reliance on tunneling tools, which help it hide its activities from detection solutions.

NukeSped is a backdoor that can perform a variety of malicious activities based on commands received from a remote attacker-controlled domain. "The attacker collected additional data by using the backdoor malware NukeSped to send command-line instructions," the researchers said. "The gathered information can be used later in lateral movement attacks."

The stealer malware, a console-based utility, is designed to exfiltrate accounts and passwords saved in web browsers such as Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Naver Whale, as well as information about email accounts and recently opened Microsoft Office and Hancom files.

Some of the key features of the backdoor range from capturing keystrokes and taking screenshots to accessing the device's webcam and dropping additional payloads such as information stealers. Last year, Kaspersky disclosed a spear-phishing campaign aimed at stealing critical data from defense companies using a NukeSped variant known as ThreatNeedle.
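A defender-side illustration of the Tomcat-to-PowerShell chain described for the Horizon intrusions above. This is added example code, not from the article, SentinelLabs or the NHS bulletin: it flags process-creation events in which a Tomcat service process spawns a shell, and raises the severity when the PowerShell command line carries an encoded-command flag. It assumes Sysmon-style JSON events with ParentImage, Image and CommandLine fields, and that Horizon's Tomcat wrapper is named ws_TomcatService.exe; the sample events are constructed.

```python
import json
import re
from pathlib import PureWindowsPath
from typing import Iterable, List, Optional

# Assumed Tomcat service binaries: ws_TomcatService.exe for VMware Horizon (assumption,
# not named in the article), tomcat8/9.exe for generic Windows Tomcat service installs.
TOMCAT_PARENTS = {"ws_tomcatservice.exe", "tomcat8.exe", "tomcat9.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# PowerShell accepts -e, -ec, -enc and -EncodedCommand; require a base64-looking argument.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}")


def basename(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def evaluate(event: dict) -> Optional[dict]:
    """Return a finding when a Tomcat service process spawns a shell, else None."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in TOMCAT_PARENTS or child not in SHELL_CHILDREN:
        return None
    cmdline = event.get("CommandLine", "")
    severity = "high" if ENCODED_FLAG.search(cmdline) else "medium"
    return {"host": event.get("Computer"), "parent": parent, "child": child,
            "severity": severity, "cmdline": cmdline}


def scan(lines: Iterable[str]) -> List[dict]:
    """Evaluate one JSON event per line and collect the findings in order."""
    findings = []
    for line in lines:
        if line.strip():
            hit = evaluate(json.loads(line))
            if hit:
                findings.append(hit)
    return findings


# Constructed events; the encoded argument is a placeholder, not a real payload.
SAMPLE_EVENTS = r"""
{"Computer": "HZN-CS01", "ParentImage": "C:\\Program Files\\VMware\\VMware View\\Server\\bin\\ws_TomcatService.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile -EncodedCommand AAAAAAAAAAAAAAAA"}
{"Computer": "HZN-CS01", "ParentImage": "C:\\Program Files\\VMware\\VMware View\\Server\\bin\\ws_TomcatService.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c dir C:\\Users"}
{"Computer": "HZN-CS01", "ParentImage": "C:\\Program Files\\VMware\\VMware View\\Server\\bin\\ws_TomcatService.exe", "Image": "C:\\Program Files\\VMware\\VMware View\\Server\\jre\\bin\\java.exe", "CommandLine": "java.exe -version"}
{"Computer": "ADMIN-WS", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile"}
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS.splitlines()):
        print(finding["severity"], finding["host"], finding["parent"], "->", finding["child"])
```

A healthy Horizon connection server's Tomcat normally spawns only Java, so the medium-severity hit is worth triage even without an encoded command; the benign explorer.exe-to-PowerShell event shows the rule keys on the parent, not on PowerShell itself.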

