Monti ransomware infiltrates networks via the well-known Log4Shell

Threat Level
Attack Report

Summary

The Monti ransomware infiltrated the client’s internet-facing VMware Horizon virtualization system by exploiting the well-known “Log4Shell” vulnerability (CVE-2021-44228). The threat actor also employed Action1, a commercial, cloud-based remote monitoring and maintenance (RMM) platform that has never been used in a ransomware campaign before.