{"id":44489,"date":"2021-12-17T22:02:00","date_gmt":"2021-12-17T22:02:00","guid":{"rendered":"http:\/\/8bd287ee-6cbd-4a53-85b1-7887638f3af4"},"modified":"2021-12-17T22:02:00","modified_gmt":"2021-12-17T22:02:00","slug":"log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/","title":{"rendered":"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China"},"content":{"rendered":"<p>Researchers with security firm Advanced Intelligence have discovered the Conti ransomware group exploiting VMware vCenter Server instances through the <a href=\"https:\/\/www.zdnet.com\/article\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/\" target=\"_blank\" rel=\"noopener\">Log4j vulnerabilities<\/a>.&nbsp;<\/p>\n<p><a href=\"https:\/\/www.advintel.io\/post\/ransomware-advisory-log4shell-exploitation-for-initial-access-lateral-movement\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">In a report on Friday<\/a>, the security company said it discovered multiple members of Conti discussing ways to take advantage of the Log4j issue, making them the first sophisticated ransomware group spotted trying to weaponize the vulnerability.&nbsp;<\/p>\n<p>AdvIntel said the current exploitation &#8220;led to multiple use cases through which the Conti group tested the possibilities of utilizing the Log4J2 exploit.&#8221;&nbsp;<\/p>\n<p>&#8220;Most importantly, AdvIntel confirmed that the criminals pursued targeting specific vulnerable Log4J2 VMware vCenter for lateral movement directly from the compromised network resulting in vCenter access affecting US and European victim networks from the pre-existent Cobalt Strike sessions,&#8221; the researchers said.&nbsp;<\/p>\n<p>They noted that their research of 
ransomware logs shows Conti made over $150 million in the last six months. AdvIntel laid out a timeline of events for Conti&#8217;s interest in Log4j starting on November 1, when the group sought to find new attack vectors. Throughout November, Conti redesigned its infrastructure as it sought to expand and by December 12, they identified Log4Shell as a possibility.&nbsp;<\/p>\n<p>By December 15, they began actively targeting vCenter networks for lateral movement.&nbsp;<\/p>\n<figure class=\"image image-large shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/\" class=\"lazy\" alt=\"screen-shot-2021-12-17-at-5-00-39-pm.png\" height=\"auto\" width=\"470\" data-original=\"https:\/\/www.zdnet.com\/a\/img\/resize\/5c3974eed9901f08c0e0f11a36cd792dbbb75ed4\/2021\/12\/17\/ec81a40d-8c5b-482f-95a4-3807e152cfa2\/screen-shot-2021-12-17-at-5-00-39-pm.png?width=470&amp;fit=bounds&amp;auto=webp\"><\/span><noscript><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/5c3974eed9901f08c0e0f11a36cd792dbbb75ed4\/2021\/12\/17\/ec81a40d-8c5b-482f-95a4-3807e152cfa2\/screen-shot-2021-12-17-at-5-00-39-pm.png?width=470&amp;fit=bounds&amp;auto=webp\" class alt=\"screen-shot-2021-12-17-at-5-00-39-pm.png\" height=\"auto\" width=\"470\"><\/span><\/noscript><figcaption><span class=\"caption\"><\/span><span class=\"credit\"> Advanced Intelligence <\/span><\/figcaption><\/figure>\n<p>In a statement, VMware said it <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0028.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">issued a security advisory<\/a> containing fixes for the 40 products it sells that are vulnerable to the Log4J issue, including vCenter. 
In the advisory, the company confirmed that exploitation attempts have been observed in the wild.&nbsp;<\/p>\n<p>&#8220;Any service connected to the internet and not yet patched for the Log4j vulnerability (CVE-2021-44228) is vulnerable to hackers, and VMware strongly recommends immediate patching for Log4j,&#8221; VMware said.<\/p>\n<p>AdvIntel added that it is only a matter of time until Conti and other groups begin exploiting Log4j to its full capacity.&nbsp;<\/p>\n<p>Khonsari <a href=\"https:\/\/www.zdnet.com\/article\/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j\/\">was the first ransomware group<\/a> to begin targeting Log4j but was considered lower grade and did not even have a viable ransom note, leading some to consider it simply a wiper. <a href=\"https:\/\/www.secpulse.com\/archives\/171335.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Researchers in China<\/a> have identified the <a href=\"https:\/\/www.curatedintel.org\/2021\/12\/tellyouthepass-ransomware-via-log4shell.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">TellYouThePass ransomware<\/a> being used in attacks against Windows and Linux devices using the Log4j issue.&nbsp;<\/p>\n<p>Recorded Future ransomware expert Allan Liska said the most recent news about different ransomware groups exploring exploitation of Log4j lined up with what he is seeing.<\/p>\n<p>&#8220;IABs working with Conti have started scanning for Log4Shell and likely have exploited victims. BUT we have not seen any evidence of a successful ransomware attack resulting from these scans yet. 
Doesn&#8217;t mean it hasn&#8217;t happened, just we haven&#8217;t seen it,&#8221; Liska said.&nbsp;<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers in China have also seen the TellYouThePass ransomware used in Log4j attacks on Windows and Linux devices.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-44489","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-17T22:02:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China\",\"datePublished\":\"2021-12-17T22:02:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/\"},\"wordCount\":455,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\\\/\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/\",\"name\":\"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\\\/\",\"datePublished\":\"2021-12-17T22:02:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\\\/\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/article\\\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\\\/\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\
\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/","og_locale":"en_US","og_type":"article","og_title":"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-12-17T22:02:00+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China","datePublished":"2021-12-17T22:02:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/"},"wordCount":455,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/","url":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/","name":"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits China 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/","datePublished":"2021-12-17T22:02:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/#primaryimage","url":"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/","contentUrl":"https:\/\/www.zdnet.com\/article\/conti-ransomware-attacking-vmware-vcenter-servers-through-log4j-vulnerability\/"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/log4j-conti-ransomware-attacking-vmware-servers-and-tellyouthepass-ransomware-hits-china\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Log4j: Conti ransomware attacking VMware servers and TellYouThePass ransomware hits 
China"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671f
f89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44489"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44489\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}