CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG

The Cybersecurity and Infrastructure Security Agency (CISA) has been investigating attacks that exploit the Log4Shell vulnerability in third-party products, including VMware Horizon and Unified Access Gateway (UAG). The agency highlighted the enduring impact of the six-month-old vulnerability and confirmed that malicious actors are exploiting Log4Shell. The attackers used PowerShell scripts acting as Trojan downloaders, and XML files to set up persistent tasks on compromised systems. They also scanned local IP addresses for other systems and open ports. To aid security teams, the agency has published detailed descriptions of the files used in these attacks, along with their file hashes.