VMware Zero-Day Flaw Exploited by China-Based Hackers for Two Years

The latest findings have shown that Chinese nation-state actors have gained privileged access to the vCenter system.

Last Updated: January 23, 2024

  • A Chinese nation-state threat actor exploited a high-severity vCenter Server vulnerability since at least late 2021.
  • The hackers exploited the bug to gain access to vCenter servers, then used compromised credentials to install backdoors on ESXi hosts.

VMware has warned customers that a high-severity vCenter Server vulnerability, CVE-2023-34048, is being exploited in the wild. The flaw was patched in October 2023, even for versions that reached end-of-life status, and the company has urged users to update to the latest version to mitigate the threat.

Technical details about the exploit have been publicly available since early December 2023. It is estimated that several hundred vulnerable instances of VMware vCenter Server are exposed to the internet and at risk.


Cybersecurity firm Mandiant has reported that the security flaw has been exploited by a Chinese cyber espionage group known as UNC3886 since at least late 2021. The threat actors reportedly used the bug to gain access to vCenter servers and then used compromised credentials to install the VirtualPie and VirtualPita backdoors on ESXi hosts, delivering them through vSphere Installation Bundles.

The hackers also used CVE-2023-20867, a VMware Tools authentication bypass vulnerability, to escalate privileges and exfiltrate files from guest virtual machines.

According to Mandiant, the hackers have primarily targeted platforms without Endpoint Detection and Response (EDR) capabilities. The threat actors have also exploited a Fortinet zero-day, compromising firewall devices to install Thincrust and Castletap backdoors, primarily hitting targets associated with the U.S. government.

The news highlights the growing role of nation-state actors in the cybersecurity environment and the need for businesses and government entities to invest resources in bolstering and maintaining security infrastructure.

Has your organization been affected by the VMware vulnerability? Let us know your thoughts on LinkedIn, X, or Facebook. We’d love to hear from you!


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.