APT Groups Swarming on VMware Servers with Log4Shell

CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.

Organizations with public-facing VMware Horizon and Unified Access Gateway (UAG) servers without appropriate Log4Shell mitigations have been under a barrage of attacks from a range of attackers, including state-sponsored advanced persistent threat (APT) actors.
In fact, a new Cybersecurity and Infrastructure Agency (CISA) alert tells organizations running servers without
Log4Shell updates
to just assume theyve been compromised and proceed with threat hunting and incident response. CISA added that in one instance, APT attackers were able to breach a disaster recovery network, move laterally, and steal sensitive data.
If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA and report key findings to CISA, the warning, issued along with the US Coast Guard Cyber Command (CGCYBER), said.
CISA also provides a list of indicators of compromise (IOC) and extensive
technical details
for threat hunters.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
APT Groups Swarming on VMware Servers with Log4Shell