Iran-backed hackers breached a US federal agency that failed to patch year-old bug

US government cybersecurity agency CISA has reported a breach by Iranian hackers of an unnamed federal agency that failed to patch against a known vulnerability, Log4Shell. The hackers used an unpatched VMware Horizon server to breach the network and install crypto mining and credential stealing software. It is unclear why the hackers targeted the federal agency.