US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j

The U.S. government has warned of the threat posed by Iranian hackers using the Log4j vulnerability to gain entry into corporate networks via unpatched VMWare Horizon servers. The CISA and FBI advise organizations to adopt an “assume compromise” approach and conduct threat-hunting activities. Recommended measures include patching systems, minimising internet-facing attack surfaces, and implementing rigorous identity management and access best practices.