Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns
A China-based ransomware operator has been exploiting a vulnerability in Log4j software to attack internet-facing systems running a popular virtualization service, Microsoft analysts reported Monday. The findings point toward attacks on VMWare Horizon, an application that allows remote users access to virtual computers and servers. Successful attacks have led to the deployment of ransomware via a hacking campaign that calls itself Night Sky. The group behind this effort has previously deployed other ransomware strains, including LockFile, AtomSilo, and Rook, the Microsoft researchers reported. This new campaign, which dates back to Jan. 4 — even though the VMWare Horizon exploitation at the hands of the Log4j vulnerability was spotted toward the end of December — relies in part on spoofed domains made to look as though they’re associated with known technology firms such as TrendMicro, Sophos, Nvidia, and Rogers. VMware issued guidance on remediation on Dec. 14, less than a week after […]
The post Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns appeared first on CyberScoop.