Project Hyphae

Critical VMware Vulnerability Being Used to Drop Ransomware and Miners

Share This Post

Critical vulnerability CVE-2022-22954, first publicized in April with a criticality score of 9.8, has been exploited in multiple malware campaigns recently. Fortinet recently published their findings on three of these campaigns, Mirai, RAR1Ransom, and GuardMiner.

The Mirai variant analyzed deploys¬†Denial of Service (DoS) and brute force attacks with pre-configured commonly used passwords, and also some default credentials for well-known IoT devices. The distribution of RAR1Ransom and GuardMiner is achieved by means of a PowerShell or a shell script, depending on the operating system. RAR1ransom is known for leveraging the legitimate “WinRAR” tool to lock files in password-protected archives, essentially ransoming their victims. Meanwhile, GuardMiner is a cross-platform mining Trojan, which has been active for at least two years and can harvest system resources to mine crypto-currency.

VMware patched this vulnerability in April, yet active exploitation is still underway in the wild. It is imperative that your organization’s infrastructure is patched regularly and on the lookout for any suspicious processes in the environment.

The original vulnerability is tracked here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954
To read Fortinet’s report on these recent campaigns, visit: https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability

More To Explore

Information Security News 11-28-2022

Know Thy Enemy: Thinking Like a Hacker can Boost Cybersecurity Strategy Article Link: https://www.csoonline.com/article/3680371/know-thy-enemy-thinking-like-a-hacker-can-boost-cybersecurity-strategy.html 90% of Organizations Have Microsoft 365 Security Gaps Article Link: https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/

Information Security News 11-21-2022

Transportation Sector Targeted by Both Ransomware and APTs Article Link: https://www.helpnetsecurity.com/2022/11/18/cybersecurity-trends-q3-2022/ Misconfigurations, Vulnerabilities Found in 95% of Applications Article Link: https://www.darkreading.com/application-security/misconfigurations-vulnerabilities-found-in-95-of-applications Electronics Repair Technicians Snoop

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.