The battle against Log4Shell is proceeding very slowly due to a confluence of factors. The vulnerability remains buried in a number of assets, particularly legacy systems that are tougher to address. But it also continues to affect organizations via new devices.
Iranian hackers installed a crypto miner on a federal agency’s network after exploiting an unpatched Log4Shell vulnerability on a VMware Horizon server to gain access. The threat actors moved laterally to the domain controller, compromised credentials and implanted reverse proxies on several hosts to maintain persistence.