{"id":44947,"date":"2022-01-21T16:58:00","date_gmt":"2022-01-21T16:58:00","guid":{"rendered":"http:\/\/2596f1da-8a22-4de8-ad5a-ffd3ccc08932"},"modified":"2022-01-21T16:58:00","modified_gmt":"2022-01-21T16:58:00","slug":"log4j-attackers-continue-targeting-vmware-horizon-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/","title":{"rendered":"Log4J: Attackers continue targeting VMware Horizon servers"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/648d544e04767b8c71653463ec50b9f8977ed6bd\/2022\/01\/11\/6005ba87-2a82-4d5d-a352-f25e33a510c0\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>According to several cybersecurity companies monitoring the situation, attackers are still targeting VMware Horizon servers through <a href=\"https:\/\/www.zdnet.com\/article\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/\" target=\"_blank\" rel=\"noopener\">Log4J vulnerabilities<\/a>.&nbsp;<\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"> <span class=\"int\">More VMWare<\/span> <\/h3>\n<\/p><\/div>\n<p>Two weeks ago, the UK&#8217;s National Health Service (NHS) <a href=\"https:\/\/www.zdnet.com\/article\/log4j-flaw-attackers-are-targeting-log4shell-vulnerabilities-in-vmware-horizon-servers-says-nhs\/\" target=\"_blank\" rel=\"noopener\">issued<\/a> a warning that an &#8216;unknown threat group&#8217; is attempting to exploit a&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself\/\" target=\"_blank\" rel=\"noopener\">Log4j vulnerability<\/a>&nbsp;(<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44228\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CVE-2021-44228<\/a>) in VMware Horizon servers to establish web shells that could be used to distribute malware and ransomware, steal sensitive information, and complete other malicious attacks.&nbsp;<\/p>\n<p>Since then, several cybersecurity companies have confirmed that hackers are continuing to target VMware Horizon servers. In a statement to <em>ZDNet<\/em>, VMware said they are continuing to urge customers to apply the latest guidance found in their security advisory,&nbsp;<a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0028.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">VMSA-2021-0028<\/a>, in order to resolve vulnerabilities CVE-2021-44228 and CVE-2021-4504.&nbsp;<\/p>\n<p>&#8220;We also recommend that customers visit our corresponding&nbsp;<a href=\"https:\/\/via.vmw.com\/vmsa-2021-0028-faq\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Questions &amp; Answers document<\/a>&nbsp;for the latest information and join the VMware&nbsp;<a href=\"https:\/\/lists.vmware.com\/cgi-bin\/mailman\/listinfo\/security-announce\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Security-Announce mailing list<\/a>&nbsp;for all future advisories. Any service connected to the internet and not yet patched for Log4j vulnerabilities CVE-2021-44228 and CVE-2021-4504 is vulnerable to hackers, and VMware strongly recommends patching,&#8221; a VMware spokesperson said.&nbsp;<\/p>\n<p>Rapid7 <a href=\"https:\/\/www.rapid7.com\/blog\/post\/2022\/01\/18\/active-exploitation-of-vmware-horizon-servers\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">said<\/a> it began monitoring a sudden increase in VMware Horizon exploitation on January 14 and identified five unique avenues that attackers have taken post-exploitation, signaling that multiple actors are involved in this mass exploitation activity.<\/p>\n<p>&#8220;The most common activity sees the attacker executing PowerShell and using the built-in System.Net.WebClient object to download cryptocurrency mining software to the system,&#8221; Rapid7 explained.<\/p>\n<p>Huntress <a href=\"https:\/\/www.huntress.com\/blog\/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">released<\/a> its own blog about the issue, noting that according to Shodan, about 25,000 Horizon servers are currently internet-accessible worldwide.<\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>Roger Koehler, vice president of threat operations at Huntress, told <em>ZDNet <\/em>the NHS article didn&#8217;t give an idea of the scope of the problem.&nbsp;<\/p>\n<p>&#8220;Based on how many Horizon servers in our data set are unpatched (only 18% were patched as of last Friday night), there is a high risk of this seriously impacting hundreds-if not in the low thousands-of businesses. This weekend also marks the first time we&#8217;ve seen proof of widespread escalation, going from gaining initial access to starting to take hostile actions on Horizon servers,&#8221; Koehler said.&nbsp;<\/p>\n<p>&#8220;Since we&#8217;re seeing multiple likely unrelated campaigns (cryptominers, web shells, Cobalt Strike), it&#8217;s likely that this will continue to escalate. Attackers are going to make businesses pay for not fully patching when VMware gave their initial guidance. Although the initial web shell campaign appears to focus on long-term access, it&#8217;s likely that future activity will focus on targeting or impacting the systems accessible via VMware Horizon. And it makes sense-attackers can use this access to impact all the virtualized hosts and servers.&#8221;&nbsp;<\/p>\n<p>Koehler added that these are high-value targets, and people are not patching despite multiple, widespread campaigns targeting them, noting that they recently witnessed this happen with ProxyShell and ProxyLogon. While these are not quite as significant and far-reaching as this latest cyberattack, these vulnerabilities serve as evidence that attackers will likely be back to target those systems that haven&#8217;t yet been patched, Koehler explained.&nbsp;<\/p>\n<p>He said ProxyShell surfaced months after ProxyLogon was disclosed, and it was made possible only because many had failed to properly patch.&nbsp;<\/p>\n<p>&#8220;The timing is also significant. If we think back to the big <a href=\"https:\/\/www.zdnet.com\/article\/updated-kaseya-ransomware-attack-faq-what-we-know-now\/\" target=\"_blank\" rel=\"noopener\">Kaseya incident<\/a>, they picked the July 4 holiday weekend. The original widespread intrusion with web shells took place over the Christmas holiday (they were dropped between December 25 and December 29), and things are escalating now that it&#8217;s another three-day weekend in the US. Is damage control going to become a holiday tradition for those in cybersecurity?&#8221; Koehler said.<\/p>\n<p>&#8220;The web shell attack between December 25 and 29 was more sophisticated compared to something like the Exchange attack. It seems like the majority of antivirus tools failed to identify that anything was wrong and still haven&#8217;t caught up. The moral of this story? It&#8217;s the same old song: patch, patch, patch.&#8221;<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware has urged customers to apply the latest guidance as a way to resolve vulnerabilities CVE-2021-44228 and CVE-2021-4504.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-44947","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Log4J: Attackers continue targeting VMware Horizon servers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Log4J: Attackers continue targeting VMware Horizon servers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-21T16:58:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/648d544e04767b8c71653463ec50b9f8977ed6bd\/2022\/01\/11\/6005ba87-2a82-4d5d-a352-f25e33a510c0\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Log4J: Attackers continue targeting VMware Horizon servers\",\"datePublished\":\"2022-01-21T16:58:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/\"},\"wordCount\":677,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/648d544e04767b8c71653463ec50b9f8977ed6bd\\\/2022\\\/01\\\/11\\\/6005ba87-2a82-4d5d-a352-f25e33a510c0\\\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/\",\"name\":\"Log4J: Attackers continue targeting VMware Horizon servers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/648d544e04767b8c71653463ec50b9f8977ed6bd\\\/2022\\\/01\\\/11\\\/6005ba87-2a82-4d5d-a352-f25e33a510c0\\\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-01-21T16:58:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/648d544e04767b8c71653463ec50b9f8977ed6bd\\\/2022\\\/01\\\/11\\\/6005ba87-2a82-4d5d-a352-f25e33a510c0\\\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/648d544e04767b8c71653463ec50b9f8977ed6bd\\\/2022\\\/01\\\/11\\\/6005ba87-2a82-4d5d-a352-f25e33a510c0\\\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/log4j-attackers-continue-targeting-vmware-horizon-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Log4J: Attackers continue targeting VMware Horizon servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Log4J: Attackers continue targeting VMware Horizon servers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/","og_locale":"en_US","og_type":"article","og_title":"Log4J: Attackers continue targeting VMware Horizon servers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-21T16:58:00+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/648d544e04767b8c71653463ec50b9f8977ed6bd\/2022\/01\/11\/6005ba87-2a82-4d5d-a352-f25e33a510c0\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Log4J: Attackers continue targeting VMware Horizon servers","datePublished":"2022-01-21T16:58:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/"},"wordCount":677,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/648d544e04767b8c71653463ec50b9f8977ed6bd\/2022\/01\/11\/6005ba87-2a82-4d5d-a352-f25e33a510c0\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/","url":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/","name":"Log4J: Attackers continue targeting VMware Horizon servers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/648d544e04767b8c71653463ec50b9f8977ed6bd\/2022\/01\/11\/6005ba87-2a82-4d5d-a352-f25e33a510c0\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2022-01-21T16:58:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/648d544e04767b8c71653463ec50b9f8977ed6bd\/2022\/01\/11\/6005ba87-2a82-4d5d-a352-f25e33a510c0\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/648d544e04767b8c71653463ec50b9f8977ed6bd\/2022\/01\/11\/6005ba87-2a82-4d5d-a352-f25e33a510c0\/vmware.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/log4j-attackers-continue-targeting-vmware-horizon-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Log4J: Attackers continue targeting VMware Horizon servers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44947"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44947\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}