• VMware virtualization software is being hijacked to spy on busine

    From TechnologyDaily@1337:1/100 to All on Fri Sep 30 14:15:04 2022
    VMware virtualization software is being hijacked to spy on businesses

    Date:
    Fri, 30 Sep 2022 13:08:02 +0000

    Description:
    VMware's ESXi hypervisors compromised, researchers are warning, urging businesses to tighten up on security.

    FULL STORY ======================================================================

    Criminals have managed to compromise VMware's ESXi hypervisors and gain access to countless virtual machines, meaning they can spy on numerous businesses using the hardware without those businesses ever knowing they're being spied upon.

    The warning was issued by cyber threat intelligence firm Mandiant,
    together with virtualization firm VMware.

    According to the two companies, unknown threat actors with possible ties to China installed two malicious programs on bare-metal hypervisors, using vSphere Installation Bundles. They named them VirtualPita and VirtualPie
    (Pita also means pie in some Slavic languages). Furthermore, they discovered
    a unique malware/dropper dubbed VirtualGate.

    No vulnerability

    What's important to note is that the attackers did not find a zero-day, or exploit a different, known vulnerability. Instead, they used admin-level access to the ESXi hypervisors to install their tools.

    Speaking to WIRED, VMware said that "while there is no VMware vulnerability involved, we are highlighting the need for strong operational security practices that include secure credential management and network security."

    VMware also said it prepared a hardening guide for VMware setup admins that should help them protect against this type of attack.

    The threat actor is tracked as UNC3886. The researchers say that while it does show some signs of being a Chinese-based group (the victims are the same as for some other Chinese groups; there are certain similarities in the malware code and other known malicious programs), they can't confirm with absolute certainty that this is the case.

    The attack allows the threat actors to maintain persistent admin access to
    the hypervisor, send commands to the endpoint that will be routed to the
    guest VM for execution, steal files between the ESXi hypervisor and guest machines running underneath it, make changes to the logging services on the hypervisor, and execute arbitrary commands from one guest VM to another guest VM, as long as they're on the same hypervisor.

    Via: Wired



    ======================================================================
    Link to news story: https://www.techradar.com/news/vmware-virtualization-software-is-being-hijacked-to-spy-on-businesses/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)