The threat actor known as Lazarus Group has been observed targeting the Log4Shell vulnerability (CVE-2021-44228) in a new series of attacks dubbed “Operation Blacksmith.” According to a new advisory published by Cisco Talos security researchers earlier today, the attacks leveraged the Log4Shell flaw in publicly facing VMWare Horizon servers for initial access. “This campaign consists of continued opportunistic targeting of enterprises around the world that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as CVE-2021-44228,” reads the advisory.
Source: Infosecurity