From May through June 2022, CISA responded to an organization that was compromised through exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report (MAR) on the findings.
Users and administrators are encouraged to review MAR 10386789-1.v1 for more information. For more information on Log4Shell, see:
- Joint Cybersecurity Advisory (CSA) Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems,
- CISA’s Apache Log4j Vulnerability Guidance webpage,
- Joint CSA Mitigating Log4Shell and Other Log4j-Related Vulnerabilities, and
- CISA’s database of known vulnerable services on the CISA GitHub page.