VMware vCenter Server Attacked Through Log4j Vulnerability

A week ago, we shared the news that a vulnerability was found in the Java logging tool Log4j.

The Log4Shell bug has now been found in use by Russian hackers who target VMware vCenter Server instances and encrypt virtual machines with ransomware.

VMware, like many other large software companies, relies on the open source Log4j library, which is vulnerable to the Log4Shell zero-day exploit. The Russian hacker group Conti has been attacking VMware’s vCenter Server, according to security experts from AdvIntel.

A large part of VMware’s portfolio is theoretically impacted, with 40 products listed as vulnerable. VMware is actively working on fixes and mitigation options; however, there is presently no patch available for vCenter Server.

The Conti Ransomware Gang

Conti is a professional ransomware gang that has been attacking corporate networks for more than two years and is said to have gained hundreds of millions of dollars through infecting, encrypting, and ransoming them.

Firms that employ vCenter servers should look into patching or applying mitigations. However, the Log4j library is also used in a slew of other corporate software products, which means that Conti still has a lot of options to vary its attacks. It is therefore recommended to patch everything, not only vCenter.

The Conti Ransomware Gang’s new favorite sales approach is double extortion. If you fail to pay its ransom, Conti will not only take your most essential data from you, but will also exfiltrate and publish it on its own ‘Conti News’ website, or sell it straight to your rivals.

To learn more about the VMware vCenter vulnerability, visit the VMware website.