Ransomware Hackers Exploit Log4j Vulnerability

The hackers attacked VMware Horizon through a campaign called Night Sky.

January 13, 2022

ALEXANDRIA, Va.—Chinese ransomware hackers allegedly have used the vulnerability in Log4j software to attack internet-facing systems running a popular virtualization service, reports CyberScoop. VMware Horizon, an app that gives remote users access to virtual computers and servers, has been attacked through a hacking campaign that calls itself Night Sky.

The hacking campaign has been happening since Jan. 4, and it relies in part on made-up domains that look like they’re associated with known technology firms. VMware issued guidance on remediation on Dec. 14, less than a week after the Java-based vulnerability in the widely used open-source logging software became public.

Last week, the Federal Trade Commission (FTC) warned companies to protect their software against the Log4j vulnerability, which is a widespread security flaw. Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services.

“When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms. ... It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action,” wrote the FTC in a blog post.

Companies can check if they use the Log4j software library by consulting the Cybersecurity and Infrastructure Security Agency guidance. If the software is being used, here’s what to do.

NACS Daily shared five steps companies can take to help avoid the Log4j vulnerability.