The attackers have used Cobalt Strike, Sliver, and several commercially available network scanners. They targeted an ESXi server exposed over VMWare Horizon UAG by exploiting the Log4Shell flaw.
Support the originator by clicking the read the rest link below.