Prophet Spider Is Exploiting Log4j Vulnerabilities In VMware Horizon

Initial access broker group Prophet Spider has been found exploiting the Log4j vulnerability in VMware Horizon, according to a new report from researchers with BlackBerry Research & Intelligence and Incident Response teams. Given how widely used VMware Horizon is used, this is a major threat.

Jorge Orchilles, CTO, SCYTHE had this to say:

“Initial Access Brokers leverage any opportunity to gain access to an organization. They must maintain that access as they sell it and hand it off to the buyer. Today the exploit being used is for Log4j, tomorrow it will be another. As defenders, we want to be able to detect and respond to the inevitable exploit that will one day break through our protection. Regardless of the exploit, we can detect and respond to what happens after by testing, training, and improving our people, process, and security controls. This is an ever evolving field, we must collaborate to stay ahead of the threats.”

This is the key thing:

The exact number of applications (and the various versions) affected by these vulnerabilities may never be fully known. Although VMware released a patch and mitigation guidance in December 2021 in response to the vulnerability, many implementations remain unpatched, leaving them susceptible to exploitation.

Thus if you haven’t got about patching, you may want to hop to it ASAP seeing as this is being exploited.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: