A gang of cybercriminals known for breaking into computer systems and selling access to them has been discovered exploiting an Apache Log4j vulnerability, Log4Shell, in unpatched VMware Horizon to plant cryptominers and backdoors on targeted systems.
In a blog published Wednesday, Blackberry’ researchers Ryan Gibson, Codi Starks and Will Ikard revealed that Prophet Spider was behind the attacks, which could be reliably detected by monitoring ws_TomcatService.exe, the Tomcat service used by VMware Horizon.
The researchers explained that after exploiting the Log4Shell vulnerability to penetrate a system, the attackers use PowerShell commands to download a second-stage payload. In the case of Prophet Spider, the payloads were primarily cryptocurrency mining software, although in some instances, Cobalt Strike beacons—a kind of system backdoor—were also installed on the computers.
More Stories
ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru Read More
KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps
Microsoft said it saw between 40 and 60 daily attacks in February Read More
BreachForums Admin Arrested in New York
Conor Brian Fitzpatrick of Peekskill was apprehended last Wednesday following an FBI investigation Read More
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP)...