MuddyWater APT is hunting down unprotected SysAid Server instances by abusing the Log4Shell vulnerability. It uses eHorus and Ligolo for C2 communication during the intrusion. Despite SysAid fixing the Log4Shell flaw after its disclosure, several organizations haven’t applied the patch yet.