Microsoft said the ransomware group directing the Horizon attacks, which it is tracking as ‘DEV-0401’, has previously deployed LockFile, AtomSilo, and Rook ransomware, as well as exploited CVE-2021-26084 in Atlassian Confluence and CVE-2021-34473 in on-premises Exchange servers. NightSky leverages the in-vogue ‘double extortion’ model and was identified by threat researchers from MalwareHunterTeam on January 1. When successful, the attacks – which began “as early as January 4” – result in the deployment of the NightSky ransomware.Ĭatch up with the latest ransomware news and attacks “Based on our analysis, the attackers are using command and control (CnC) servers that spoof legitimate domains,” said the software giant in a January 10 addition to its rolling ‘Log4Shell’ updates.
Microsoft says cybercrime group is attempting to deploy NightSky ransomwareĪ China-based ransomware operator has for the past week been actively exploiting the Log4j vulnerability in VMware Horizon, the desktop and app virtualization platform, Microsoft has warned.
0 kommentar(er)
