By exploiting the Log4Shell vulnerability, the Iranian-backed hackers broke into an an unpatched VMware Horizon server in February and then used that access to move laterally within the network of an unidentified federal agency, according to Wednesday’s joint advisory from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation.
On Thursday, The Washington Post reported that the affected agency was U.S. Merit Systems Protection Board.
Previous Post
Next Post
