Source: thenewstack.io

Log4Shell Lives!
It has been about a year since the security hole at the heart of the open source Java logging library Log4j (https://logging.apache.org/log4j/) was revealed. Recently, the Cybersecurity and Infrastructure Security Agency (CISA, https://www.cisa.gov/) revealed that not only are hackers still using Log4Shell successfully, but Iranian government agents are also using it to https://www.cisa.gov/uscert/ncas/alerts/aa22-320a. Specifically, threat actors exploited Log4Shell to get access to the organization’s unpatched VMware Horizon (https://www.vmware.com/products/horizon.html).

Over that link, they ran a Windows PowerShell command to add an exclusion rule to Windows Defender that whitelisted the C:\ drive.

This whole story, an all-too-typical tale of an automated Windows attack, started with Log4Shell.
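For defenders, the Defender exclusion step described above is something that can be looked for in command-line or PowerShell script block logs. The following is an added example, not code from the article or from CISA: it flags `Add-MpPreference`/`Set-MpPreference` calls that exclude an entire drive root. The function names and the sample log lines are constructed for illustration.

```python
import re

# Add-/Set-MpPreference with -ExclusionPath. PowerShell binds any unambiguous
# parameter prefix, so "-ExclusionPa" and "-ExclusionPat" are accepted as well.
EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b[^;|\n]*?\s-ExclusionPa(?:th?)?[\s:]+([^;|\n}]+)",
    re.IGNORECASE,
)
# A bare drive such as C: or C:\ (the whole volume is excluded from scanning).
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:[\\/]*$")


def excluded_paths(command):
    """Return every path passed to -ExclusionPath in one logged command line."""
    paths = []
    for match in EXCLUSION_RE.finditer(command):
        # Cut the argument list off at the next parameter (e.g. " -Force").
        values = re.split(r"\s-[A-Za-z]", match.group(1), maxsplit=1)[0]
        for item in values.split(","):
            item = item.strip().strip("'\"")
            if item:
                paths.append(item)
    return paths


def drive_root_exclusions(command):
    """Return only the exclusions that cover a whole drive."""
    return [p for p in excluded_paths(command) if DRIVE_ROOT_RE.match(p)]


# Constructed sample log lines (not taken from any real incident data).
SAMPLE_LINES = [
    r"powershell.exe -Command Add-MpPreference -ExclusionPath 'C:\'",
    r"add-mppreference -exclusionpa C:\Temp, D:\ -Force",
    r"Add-MpPreference -ExclusionProcess C:\tools\agent.exe",
    r"Get-MpPreference | Select-Object ExclusionPath",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        hits = drive_root_exclusions(line)
        if hits:
            print(f"ALERT whole-drive Defender exclusion {hits}: {line}")
```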
