{"id":45355,"date":"2022-02-18T15:39:26","date_gmt":"2022-02-18T15:39:26","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33124\/VMware-Horizon-Servers-Are-Under-Attack-By-Iranian-State-Hackers.html"},"modified":"2022-02-18T15:39:26","modified_gmt":"2022-02-18T15:39:26","slug":"vmware-horizon-servers-are-under-attack-by-iranian-state-hackers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/","title":{"rendered":"VMware Horizon Servers Are Under Attack By Iranian State Hackers"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/iran-hack-800x534.jpeg\" alt=\"Stylized version of Iranian flag made of ones and zeroes.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"27 posters participating, including story author\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2022\/02\/iranian-state-hackers-are-using-log4shell-to-infect-unpatched-vmware-servers\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">32<\/span> <span class=\"visually-hidden\"> with 27 posters participating, including story author<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache miss 453:single\/related:000c144c95197722d141d9909720fbb1 --><!-- empty --><\/p>\n<p>Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.<\/p>\n<p>Security firm SentinelOne has dubbed the group TunnelVision. The name is meant to emphasize TunnelVision\u2019s heavy reliance on tunneling tools and the unique way it deploys them. In the past, TunnelVision has exploited so-called 1-day vulnerabilities\u2014meaning vulnerabilities that have been recently patched\u2014to hack organizations that have yet to install the fix. Vulnerabilities in Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange (ProxyShell) are two of the group\u2019s better-known targets.<\/p>\n<h2>Enter Log4Shell<\/h2>\n<p>Recently, SentinelOne reported, TunnelVision has started exploiting a critical vulnerability in Log4j, an open source logging utility that\u2019s integrated into thousands of apps. CVE-2021-44228 (or Log4Shell, as the vulnerability is tracked or nicknamed) allows attackers to easily gain remote control over computers running apps in the Java programming language. The bug bit the <a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/12\/the-critical-log4shell-zero-day-affects-a-whos-who-of-big-cloud-services\/\">Internet\u2019s biggest players<\/a> and was widely <a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/12\/hackers-launch-over-840000-attacks-through-log4j-flaw\/\">targeted in the wild<\/a> after it became known.<\/p>\n<p>The SentinelOne research shows that the targeting continues and that this time the target is organizations running VMware Horizon, a desktop and app virtualization product that runs on Windows, macOS, and Linux.<\/p>\n<p>\u201cTunnelVision attackers have been actively exploiting the vulnerability to run malicious PowerShell commands, deploy backdoors, create backdoor users, harvest credentials, and perform lateral movement,\u201d company researchers Amitai Ben Shushan Ehrlich and Yair Rigevsky <a href=\"https:\/\/www.sentinelone.com\/labs\/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon\/\">wrote in a post<\/a>. \u201cTypically, the threat actor initially exploits the Log4j vulnerability to run PowerShell commands directly, and then runs further commands by means of PS reverse shells, executed via the Tomcat process.\u201d<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>Apache Tomcat is an open source Web server that VMware and other enterprise software use to deploy and serve Java-based Web apps. Once installed, a shell allows the hackers to remotely execute commands of their choice on exploited networks. The PowerShell used here appears to be a variant of <a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellTcpOneLine.ps1\">this<\/a> publicly available one. Once it\u2019s installed, TunnelVision members use it to:<\/p>\n<ul>\n<li>Execute reconnaissance commands<\/li>\n<li>Create a backdoor user and adding it to the network administrators group<\/li>\n<li>Harvest credentials using ProcDump, SAM hive dumps, and comsvcs MiniDump<\/li>\n<li>Download and run tunneling tools, including Plink and Ngrok, which are used to tunnel remote desktop protocol traffic<\/li>\n<\/ul>\n<p>The hackers use multiple legitimate services to achieve and obscure their activities. Those services include:<\/p>\n<ul>\n<li>transfer.sh<\/li>\n<li>pastebin.com<\/li>\n<li>webhook.site<\/li>\n<li>ufile.io<\/li>\n<li>raw.githubusercontent.com<\/li>\n<\/ul>\n<p>People who are trying to determine if their organization is affected should look for unexplained outgoing connections to these legitimate public services.<\/p>\n<h2>Tunnels, minerals, and kittens<\/h2>\n<p>Thursday\u2019s report said that TunnelVision overlaps with several threat groups exposed by other researchers over the years. Microsoft has dubbed one group Phosphorous. The group, Microsoft has reported, has tried to <a href=\"https:\/\/arstechnica.com\/tech-policy\/2019\/10\/microsoft-says-iranian-hackers-tried-to-hack-a-us-presidential-campaign\/\">hack a US presidential campaign<\/a> and to install ransomware in an attempt to generate revenue or disrupt adversaries. The federal government has also said Iranian hackers had been <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/11\/beware-of-iranian-government-backed-hackers-waging-ransomware-us-warns\/\">targetting critical infrastructure<\/a> in the US with ransomware.<\/p>\n<p>SentinelOne said that TunnelVision also overlaps with two threat groups security firm CrowdStrike tracks as Charming Kitten and Nemesis Kitten.<\/p>\n<p>\u201cWe track this cluster separately under the name \u2018TunnelVision,\u2019\u201d the SentinelOne researchers wrote. \u201cThis does not imply we believe they are necessarily unrelated, only that there is at present insufficient data to treat them as identical to any of the aforementioned attributions.\u201d<\/p>\n<p>The post provides a list of indicators that admins can use to determine if they\u2019ve been compromised.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33124\/VMware-Horizon-Servers-Are-Under-Attack-By-Iranian-State-Hackers.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":45356,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9868],"class_list":["post-45355","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentflawcyberwariran"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>VMware Horizon Servers Are Under Attack By Iranian State Hackers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"VMware Horizon Servers Are Under Attack By Iranian State Hackers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-18T15:39:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/iran-hack-800x534.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"VMware Horizon Servers Are Under Attack By Iranian State Hackers\",\"datePublished\":\"2022-02-18T15:39:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/\"},\"wordCount\":602,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg\",\"keywords\":[\"headline,hacker,government,flaw,cyberwar,iran\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/\",\"name\":\"VMware Horizon Servers Are Under Attack By Iranian State Hackers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg\",\"datePublished\":\"2022-02-18T15:39:26+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,flaw,cyberwar,iran\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentflawcyberwariran\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"VMware Horizon Servers Are Under Attack By Iranian State Hackers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"VMware Horizon Servers Are Under Attack By Iranian State Hackers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/","og_locale":"en_US","og_type":"article","og_title":"VMware Horizon Servers Are Under Attack By Iranian State Hackers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-18T15:39:26+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/02\/iran-hack-800x534.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"VMware Horizon Servers Are Under Attack By Iranian State Hackers","datePublished":"2022-02-18T15:39:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/"},"wordCount":602,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg","keywords":["headline,hacker,government,flaw,cyberwar,iran"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/","url":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/","name":"VMware Horizon Servers Are Under Attack By Iranian State Hackers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg","datePublished":"2022-02-18T15:39:26+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/vmware-horizon-servers-are-under-attack-by-iranian-state-hackers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,flaw,cyberwar,iran","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentflawcyberwariran\/"},{"@type":"ListItem","position":3,"name":"VMware Horizon Servers Are Under Attack By Iranian State Hackers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45355"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45355\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/45356"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}