Log4j Attacks Continue Unabated Against VMware Horizon Servers

VMware Horizon servers continue to be exploited by attackers due to the Apache Log4j vulnerability, with researchers at Sophos reporting attacks from January 19, 2022. The attackers often use tools to mine cryptocurrency, but some are also installing backdoors to maintain persistent access to compromised systems. These attacks may be a precursor to ransomware actions targeting Log4j flaws in unpatched versions of VMware Horizon server. The UK’s National Health Service was one of the first to warn about these threats.