Ransomware Group

Night Sky

Also known as: NightSky

Status: inactive • First seen 2021-12 • 100+ known victims

Night Sky jumped on the famous Log4j bug that affected millions of servers. They used this vulnerability to attack VMware servers before most companies could patch them.

Overview

Night Sky was a ransomware operation that gained notoriety for exploiting the Log4j vulnerability (CVE-2021-44228) to compromise VMware Horizon servers.

Target Industries

Technology, Corporate, Manufacturing, Healthcare

How They Attack

  • Log4j exploitation
  • VMware targeting
  • Double extortion
  • Rapid exploitation

Notable Victims

VMware Horizon servers (2022), Technology companies

How to Protect Against Night Sky

  1. Ensure Log4j is fully patched everywhere
  2. Audit VMware Horizon deployments
  3. Implement vulnerability scanning

MITRE ATT&CK Techniques

T1190, T1486, T1567, T1059

Related Groups

Def Con
