In recent years, cybersecurity has become a paramount concern, and it’s no surprise given the persistent and cunning nature of cyber threats. One such threat actor that has caught the attention of security experts is Mimo, also known as Hezb, a coin miner threat actor. AhnLab Security Intelligence Center (ASEC) has been closely monitoring Mimo’s activities since its discovery in March 2022 when they exploited the Log4Shell vulnerability. However, what sets Mimo apart is its diverse range of malicious tools and tactics.
Mimo’s initial foray into the cyber world was through the exploitation of the Log4Shell vulnerability (CVE-2021-44228). This remote code execution vulnerability, present in the Java-based logging utility Log4j, allowed Mimo to execute Java objects remotely. Despite the patches released, Mimo continues to target vulnerable systems, particularly those running VMware Horizon.