Chinese Hackers Are Abusing Log4Shell to Deploy Rootkits on VMware Horizon Servers

A new rootkit named Fire Chili has been deployed on VMware Horizon servers by the Chinese hacking group Deep Panda, which used the Log4Shell exploit to steal certain sensitive data from the targeted systems.

The rootkit evades detection by AV tools by using a certificate from the following organizations: Frostburn Studios (game developer) and Comodo (security software).

Here is what the security researchers at Fortinet's FortiGuard Labs, Rotem Sde-Or and Eliran Voronovitch, stated:

“The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates.”

The Chinese cyber-espionage group Deep Panda is one of the most notorious APT groups. It has been active for several years and primarily performs cyber-espionage operations.

Read full article on GBHackers

 

