Monti ransomware infiltrates networks via the well-known Log4Shell
Attack Report
Summary
The Monti ransomware infiltrated the client’s internet-facing VMware Horizon virtualization system by exploiting the well-known “Log4Shell” vulnerability, also known as CVE-2021-44228. Furthermore, the threat actor employed a commercial, cloud-based remote monitoring and maintenance (RMM) platform named Action1, which had never been used in a ransomware campaign before.