Recently, SentinelOne reported, TunnelVision has started exploiting a critical vulnerability in Log4j, an open source logging utility that’s integrated into thousands of apps. CVE-2021-44228 (or Log4Shell, as the vulnerability is tracked or nicknamed) allows attackers to easily gain remote control over computers running apps in the Java programming language. The bug bit the Internet’s biggest players and was widely targeted in the wild after it became known.

The SentinelOne research shows that the targeting continues and that this time the target is organizations running VMware Horizon, a desktop and app virtualization product that runs on Windows, macOS, and Linux.

“TunnelVision attackers have been actively exploiting the vulnerability to run malicious PowerShell commands, deploy backdoors, create backdoor users, harvest credentials, and perform lateral movement,” company researchers Amitai Ben Shushan Ehrlich and Yair Rigevsky wrote in a post. “Typically, the threat actor initially exploits the Log4j vulnerability to run PowerShell commands directly, and then runs further commands by means of PS reverse shells, executed via the Tomcat process.”

Apache Tomcat is an open source Web server that VMware and other enterprise software use to deploy and serve Java-based Web apps. Once installed, a shell allows the hackers to remotely execute commands of their choice on exploited networks. The PowerShell used here appears to be a variant of this publicly available one. Once it’s installed, TunnelVision members use it to:

- Create a backdoor user and add it to the network administrators group.
- Harvest credentials using ProcDump, SAM hive dumps, and comsvcs MiniDump.
- Download and run tunneling tools, including Plink and Ngrok, which are used to tunnel remote desktop protocol traffic.

The hackers use multiple legitimate services to achieve and obscure their activities.
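For defenders, the post-exploitation behaviours described in the article map onto process-creation telemetry. The following is an added example, not code from the article or from SentinelOne: a small triage script that flags those behaviours in endpoint logs. The event field names, the rule names, the regular expressions and every sample event are assumptions constructed for illustration.

```python
import re

def cmd(pattern):
    """Predicate: the event's command line matches `pattern`, ignoring case."""
    rx = re.compile(pattern, re.I)
    return lambda e: bool(rx.search(e["cmd"]))

def tomcat_child_shell(e):
    """PowerShell started by a process whose image path contains 'tomcat'."""
    return ("tomcat" in e["parent"].lower()
            and bool(re.search(r"(^|\\)(powershell|pwsh)\.exe$", e["image"], re.I)))

# One rule per behaviour named in the article. The command-line shapes are
# assumptions from common usage of these tools, not indicators from the post.
RULES = {
    "tomcat_spawns_powershell": tomcat_child_shell,
    "procdump_lsass":   cmd(r"procdump(64)?(\.exe)?\b.*\blsass"),
    "comsvcs_minidump": cmd(r"comsvcs(\.dll)?\b.*\bminidump\b"),
    "sam_hive_save":    cmd(r"\breg(\.exe)?\s+save\s+hklm\\sam\b"),
    "user_added":       cmd(r"\bnet1?(\.exe)?\s+user\s.*\s/add\b"),
    "admin_group_add":  cmd(r"\bnet1?(\.exe)?\s+(local)?group\s.*admin.*\s/add\b"),
    "tunnel_tool":      cmd(r'(^|[\\\s"])(plink|ngrok)(\.exe)?\b'),
}

def ev(host, parent, image, cmdline):
    return {"host": host, "parent": parent, "image": image, "cmd": cmdline}

# Constructed Sysmon-style process-creation events; all values are placeholders.
TC = r"C:\example\tomcat\bin\tomcat9.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    ev("hz-01", TC, PS, "powershell.exe -c <constructed>"),
    ev("hz-01", PS, r"C:\Windows\System32\net.exe", "net user helpdesk2 <password> /add"),
    ev("hz-01", PS, r"C:\Windows\System32\net.exe", "net localgroup administrators helpdesk2 /add"),
    ev("hz-01", PS, r"C:\Windows\System32\rundll32.exe", "rundll32.exe comsvcs.dll, MiniDump <pid> <path> full"),
    ev("hz-01", PS, r"C:\Windows\System32\reg.exe", r"reg save HKLM\SAM <path>"),
    ev("hz-01", PS, r"C:\example\plink.exe", r"C:\example\plink.exe <tunnel arguments>"),
    ev("hz-02", r"C:\Windows\System32\cmd.exe", r"C:\example\procdump64.exe", "procdump64.exe <flags> lsass.exe <path>"),
    ev("wk-07", r"C:\Windows\explorer.exe", PS, "powershell.exe Get-ChildItem"),
]

def triage(events):
    """Return {host: sorted rule names hit}; several rules on one host is the signal."""
    hits = {}
    for e in events:
        for name, pred in RULES.items():
            if pred(e):
                hits.setdefault(e["host"], set()).add(name)
    return {h: sorted(n) for h, n in hits.items()}
```

Calling `triage(EVENTS)` groups hits by host, so a server that shows the Tomcat-to-PowerShell hop together with account creation, credential dumping and a tunneling tool ranks above a host with a single hit.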