Bad Actors Continue to Exploit Log4Shell Vulnerabilities

September 7, 2022

Takeaway: CISA and CGYBER recommend all organizations who did not immediately apply available patches to assume Log4Shell compromise and initiate threat hunting activities.

In December 2021, the world was held hostage by hackers who found certain vulnerabilities in Log4Shell and exploited them. As part of this exploitation, suspected and advanced threat actors implanted loader malware on compromised systems with embedded directives enabling remote command and control. A confirmed compromise showed that these actors were able to infiltrate a disaster recovery network and collect sensitive data.

Cybersecurity agencies and governmental policy bodies acted immediately against these threats and released patches and Malware Analysis Reports MAR-10382580-1 and MAR-10382254-1 detailing hack workarounds. But the threat was omnipresent.

The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGYBER) recently released a warning in July to network defenders that cyber threat actors continue to exploit CVE-2021-4423 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG) servers to infiltrate organizations that failed to apply patches.

Organizations are encouraged to read MAR-10382254-1 which provides examples of malware samples including indicators of comprise (IOCs) and detection signatures.

What organizations must do now is:

  • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, organizations must treat all affected VMware systems as compromised.
  • Minimize the internet-facing attack surface by hosting essential services on a segregated demilitarized (DMZ) zone, ensuring strict network perimeter access controls, and implementing regularly updated web application firewalls (WAFs) in front of public-facing services.

For the full article and specific examples of Log4Shell threat events, go to:

* This blog is available for informational purposes only and is not considered legal advice on any subject matter. By viewing blog posts, the reader understands there is no attorney-client relationship between the reader and the blog publisher. The blog should not be used as a substitute for legal advice from a licensed professional attorney. Readers are urged to consult their own legal counsel or reach out to any of Pietragallo’s attorneys on any legal questions concerning a specific situation.

News & Events

Related News

Michael O. Bethune and Adam Garret selected to the ACBA Young Lawyers Division Bar Leadership Initiative
September 27, 2023
We are pleased to announce that two Pietragallo attorneys, Michael Bethune and Adam Garret, are among the 14 attorneys selected to the Allegheny County Bar Association’s (ACBA) Young Lawyers Division Bar Leadership Initiative Class of 2023-2024. Read More
Bar News: Ashi Colina admitted to the Florida State Bar
September 27, 2023
Pietragallo attorney Ashi Colina has been admitted to the Florida State Bar. Ms. Colina is a member of the firm’s Government Enforcement, Compliance, & White Collar Litigation & Qui Tam & False Claims Act practice groups. Read More

Upcoming Events

Scott A. Coffina to Present at the PTACC’s 2023 National Deflection & Pre-Arrest Diversion Summit
October 4, 2023
Pietragallo partner Scott A. Coffina will be presenting at the Police, Treatment, and Community Collaborative’s (PTACC) 2023 National Deflection & Pre-Arrest Diversion Summit taking place from October 3-6, 2023 in Denver, Colorado. Read More
Timothy Hazel to present at Realtors Association of Metropolitan Pittsburgh Program
November 1, 2023
Pietragallo partner Timothy Hazel will present “Luxury Real Estate: Condos and Homes” to the Realtors Association of Metropolitan Pittsburgh on November 1, 2023 in Pittsburgh, PA. Read More
View More News & Events