Ransomware group AvosLocker makes use of unpatched VMWare software with Log4Shell vulnerability. Cisco Talos analyzed activity going back to Feb. 7 and found four vulnerabilities associated with the vulnerability. The group has targeted victims across multiple critical infrastructure sectors in the U.S., including financial services, critical manufacturing and government. The threat actors used “living off the land” binaries, meaning they used legitimate operating system local tools for malicious purposes. The researchers also observed payloads and malicious tools on endpoints.”]
Source: https://www.cuinfosecurity.com/ransomware-gang-uses-log4shell-a-19451