VMware Horizon servers attacked by Iranian hackers with Log4j exploits
By MYBRANDBOOK
An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States.
The ultimate goal of TunnelVision appears to be the deployment of ransomware, so the group is focused not only on cyber espionage but also on data destruction and operational disruption. As the name suggests, tunneling is the process of routing data traffic in such a way that its transmission becomes obfuscated or even hidden.
TunnelVision dropped two custom reverse shell backdoors onto compromised machines. The first payload is a zip file that contains an executable named "InteropServices.exe," which contains an obfuscated reverse shell beaconing to "microsoft-updateserver[.]cf."
The second payload, which was predominantly used by the threat actors in recent attacks, is a modified version of a PowerShell one-liner available on GitHub. The exploitation process involves the direct execution of PowerShell commands and the activation of reverse shells via the Tomcat service.
TunnelVision relies on this second backdoor to execute recon commands; create backdoor users and add them to the administrators' group; harvest credentials using Procdump, SAM hive dumps, and comsvcs MiniDump; download and execute tunneling tools, including Plink and Ngrok, used to tunnel RDP traffic; execute a reverse shell utilizing the VMware Horizon NodeJS component; and perform RDP scans on the internal subnet using a publicly available port scan script.
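For defenders, the behaviours listed above map onto process-creation telemetry from a Horizon server. The following Python sketch is an added example, not code from the article or from the researchers it reports on; the event fields, the parent image names (`ws_TomcatService.exe`, `node.exe`), the regular expressions and the sample events are assumptions constructed for illustration.

```python
import re

# Assumption: parent image names for Horizon's Tomcat service and NodeJS component.
HORIZON_PARENTS = {"ws_tomcatservice.exe", "node.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

# One illustrative pattern per behaviour listed in the article.
CMD_RULES = {
    "backdoor_admin_user": r"net1?(\.exe)?\s+(user\s+\S+.*\s/add|localgroup\s+administrators\s+.*\s/add)",
    "procdump_lsass": r"procdump(64)?(\.exe)?\b.*\blsass",
    "comsvcs_minidump": r"comsvcs(\.dll)?\W+minidump\b",
    "sam_hive_dump": r"reg(\.exe)?\s+save\s+hklm\\sam\b",
    "tunnel_tool": r"\b(plink|ngrok)(\.exe)?\b",
    "dropped_backdoor": r"\binteropservices\.exe\b",
    "c2_domain": r"microsoft-updateserver(\[\.\]|\.)cf",
}

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def classify(event):
    """Return the sorted behaviour tags matched by one process-creation event."""
    tags = set()
    # A shell spawned by the Horizon service processes is the exploitation signal.
    if basename(event["parent"]) in HORIZON_PARENTS and basename(event["image"]) in SHELLS:
        tags.add("shell_from_horizon")
    line = event["image"] + " " + event["cmdline"]
    for tag, pattern in CMD_RULES.items():
        if re.search(pattern, line, re.IGNORECASE):
            tags.add(tag)
    return sorted(tags)

def triage(events):
    """Keep only the events that matched at least one rule."""
    return [(e["cmdline"], tags) for e in events if (tags := classify(e))]

# Constructed sample events (not taken from any real incident).
SYS = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"parent": "ws_TomcatService.exe", "image": SYS + "powershell.exe", "cmdline": "powershell.exe -nop -c whoami"},
    {"parent": "powershell.exe", "image": SYS + "net.exe", "cmdline": "net localgroup administrators svc_example /add"},
    {"parent": "powershell.exe", "image": SYS + "rundll32.exe", "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 624 C:\\Temp\\out.dmp full"},
    {"parent": "powershell.exe", "image": SYS + "reg.exe", "cmdline": "reg save HKLM\\SAM C:\\Temp\\sam.save"},
    {"parent": "powershell.exe", "image": "C:\\Users\\Public\\plink.exe", "cmdline": "plink.exe host.example"},
    {"parent": "explorer.exe", "image": SYS + "powershell.exe", "cmdline": "powershell.exe Get-Date"},
]

if __name__ == "__main__":
    for cmdline, tags in triage(SAMPLE_EVENTS):
        print(tags, "<-", cmdline)
```

The `node.exe` parent rule is only meaningful when scoped to Horizon servers; on general-purpose hosts it will match ordinary developer activity.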