Microsoft has reported that a China-based cybercrime group has been actively exploiting the Log4j vulnerability in VMware Horizon, VMware's commercial desktop and application virtualization product. The IT giant says the group is attempting to deploy Night Sky ransomware, which targets corporate networks and steals information in double extortion attacks: the attackers exfiltrate unencrypted data from the victim before encrypting the devices on the network, so they can threaten to leak it as well as withhold the decryption key. Microsoft said:

“Based on our analysis, the attackers are using command and control (CnC) servers that spoof legitimate domains.”

The software company has been regularly publishing updates on the Log4j vulnerability known as Log4shell.


Good question, and to the IT layman Log4j is probably meaningless. According to the UK National Cyber Security Centre (NCSC), Log4j is one of the many building blocks developers use when writing modern software. Developers also use it to keep track of what their applications and online services are doing. As the name implies, the open-source Log4j is a journal of activity: it continuously logs system and application events and flags problems for operators. Given that the logging library is used by millions of computers worldwide that run online services, Log4shell is possibly the worst software vulnerability in many years.


Because Log4j is so widely used, it has become an easy and attractive target for exploitation. When hackers leverage Log4shell, they can break into and infect networks, steal passwords, logins and data, and subject victims to ransomware. The worrying aspect of all this is that many individuals and organizations don’t realize that their IT devices and services use Log4j. They do. For development, operational and security purposes, almost all the software we use today needs the ability to log, and Log4j is a common component used for exactly that.
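The point above, that organizations often do not know which of their software bundles Log4j, is exactly what an inventory scan answers. The following is an added example, not code from the article or from Microsoft, NCSC or VMware: a small Python script that walks a directory tree, opens every Java archive (including jars nested inside WAR and EAR files), looks for the real log4j-core class path, reads the release number from the jar file name and reports whether the copy is old, patched, or an old release from which the JndiLookup class has already been stripped. The `FIXED_BASELINE` release and the sample archive layout are assumptions for illustration; the sample tree is constructed in the script and contains no real bytecode.

```python
"""Inventory scanner for bundled copies of log4j-core (added example, not the article's code)."""
import io
import os
import re
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Real class path inside log4j-core; its presence in an old release is what the advisories
# describe, and removing it from the jar was a widely published interim mitigation.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"
# Assumption: treat any release below this as needing an upgrade. Adjust to vendor guidance.
FIXED_BASELINE: Tuple[int, int, int] = (2, 17, 1)
VERSION_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)")
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    location: str                        # path relative to the scan root; "!/" marks a nested archive
    version: Optional[Tuple[int, int, int]]
    has_jndi_lookup: bool

    @property
    def status(self) -> str:
        if self.version is None:
            return "unknown"             # shaded/uber jar with no version in its name: inspect by hand
        if self.version >= FIXED_BASELINE:
            return "patched"
        if not self.has_jndi_lookup:
            return "mitigated"           # old release, lookup class removed; still schedule an upgrade
        return "vulnerable"


def parse_version(location: str) -> Optional[Tuple[int, int, int]]:
    m = VERSION_RE.search(os.path.basename(location))
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def inspect_archive(zf: zipfile.ZipFile, location: str) -> List[Finding]:
    """Report log4j-core content in this archive and recurse into archives it contains."""
    names = zf.namelist()
    findings: List[Finding] = []
    if any(n.startswith(CORE_PREFIX) for n in names):
        findings.append(Finding(location, parse_version(location), JNDI_LOOKUP_CLASS in names))
    for n in names:
        if n.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(n)))
            except (zipfile.BadZipFile, KeyError):
                continue                 # not a usable archive; skip it
            with inner:
                findings.extend(inspect_archive(inner, f"{location}!/{n}"))
    return findings


def scan_tree(root: str) -> List[Finding]:
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with zipfile.ZipFile(path) as zf:
                    findings.extend(inspect_archive(zf, rel))
            except (zipfile.BadZipFile, OSError):
                continue
    return findings


def summarize(root: str) -> Dict[str, str]:
    """Map each location where log4j-core was found to its status."""
    return {f.location: f.status for f in scan_tree(root)}


def make_archive(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """Constructed sample data: fake archives carrying only the entry names that matter."""
    stub = b"\xca\xfe\xba\xbe"           # placeholder bytes, not real bytecode
    core_with_lookup = make_archive({CORE_PREFIX + "Logger.class": stub, JNDI_LOOKUP_CLASS: stub})
    core_stripped = make_archive({CORE_PREFIX + "Logger.class": stub})
    files = {
        "lib/log4j-core-2.14.1.jar": core_with_lookup,                       # old and intact
        "lib/log4j-core-2.17.1.jar": core_with_lookup,                       # at the baseline
        "legacy/log4j-core-2.14.1.jar": core_stripped,                       # old, class removed
        "apps/myapp-all.jar": make_archive({"com/example/App.class": stub,   # shaded, no version
                                            CORE_PREFIX + "Logger.class": stub, JNDI_LOOKUP_CLASS: stub}),
        "apps/portal.war": make_archive({"WEB-INF/lib/log4j-core-2.14.1.jar": core_with_lookup}),
        "lib/commons-thing.jar": make_archive({"com/example/Util.class": stub}),  # unrelated
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import sys
    import tempfile
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample_tree(root)          # no path given: demonstrate on the constructed tree
    for loc, status in sorted(summarize(root).items()):
        print(f"{status:10s} {loc}")
```

Run it with a real directory as the first argument (an application server's deployment root, for example) to get a status line per copy found. The "unknown" status is deliberate: a shaded application jar that embeds Log4j classes under its own name cannot be judged from the file name alone, and it is precisely the kind of bundle the passage above says organizations overlook.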


In early January, the UK National Health Service (NHS) detected an unknown threat actor attempting to access its networks through attacks on VMware Horizon deployments running vulnerable versions of Log4j. This spurred Microsoft to issue a Log4j alert explaining the depth and breadth of Log4shell. The software behemoth had previously reported ransomware attacks on Minecraft servers using Log4shell, with hackers compromising networks and selling access to ransomware-as-a-service (RaaS) affiliates. Microsoft said in a statement:

“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised.”

The company also expressed concern over the extent of the Log4j vulnerabilities, describing them as a clear and present danger to computers and computer networks. Microsoft added:

“Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.”


You don’t need to be a sitting duck and become a victim of the Log4shell vulnerability. I have 20-plus years of experience in professional business IT, specializing in cybersecurity and risk mitigation. I will check your systems for the use of Log4j and also your vulnerable software, recommend if you should contact your software vendors, set up web application firewalls, check for scanning activity and much more. You can easily avoid both Log4shell and Night Sky. Simply reach out to me now.