Ransomware Gang Hacks VoIP for Initial Access
Threat actors exploited a vulnerability in a popular VoIP appliance to gain access to a victim’s corporate network, researchers have revealed.
A team at Arctic Wolf said that the unnamed organization was compromised by the Lorenz ransomware variant. The group apparently targeted the Mitel Service Appliance component of MiVoice Connect, via remote code execution bug CVE-2022-29499, to obtain a reverse shell.
The hackers then used the open-source TCP tunnelling tool Chisel to pivot into the network.
After waiting almost a month following initial access, the group then proceeded with lateral movement, data exfiltration via FileZilla, and encryption with BitLocker and Lorenz ransomware on ESXi systems.
Back in June, CrowdStrike published a blog post detailing the Mitel vulnerability and a suspected ransomware intrusion attempt using the same CVE. Mitel has since patched this critical zero-day bug and urged all customers to apply the fix.
The case highlights the need for organizations to gain visibility and control over their entire distributed attack surface, Arctic Wolf argued.
“Monitoring just critical assets is not enough for organizations; security teams should monitor all externally facing devices for potential malicious activity, including VoIP and IoT devices. Threat actors are beginning to shift targeting to lesser known or monitored assets to avoid detection,” the vendor said.
“In the current landscape, many organizations heavily monitor critical assets, such as domain controllers and web servers, but tend to leave VoIP devices and IoT devices without proper monitoring, which enables threat actors to gain a foothold into an environment without being detected.”