Targeting of VMWare Horizon servers with Log4Shell vulnerability

Date of report

February 2022

Affiliations

APT 35

The Iranian threat actor APT 35 leveraged the Log4Shell vulnerability to run malicious PowerShell commands, deploy backdoors, steal credentials, and move laterally through systems.

Suspected victims

VMware Horizon servers

Suspected state sponsor

Iran (Islamic Republic of)

Type of incident

Espionage

Target category

Private sector

Victim government reaction

Unknown

Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon
Iranian hackers target VMware Horizon servers with Log4j exploits

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events