In the rapidly evolving world of information security, attack vectors, and cyberattacks, there is a regular cadence of new industry terms to grapple with. Hyperjacking is a term you may not have come across. It is a blend of hypervisor and hijacking. A hypervisor is software installed on a physical host server that can virtually share its memory and processing resources for use by multiple virtual machines, as shown in Figure 1.

Figure 1: Hypervisor-based virtualization

Hyperjacking involves an attacker taking control of the hypervisor, thereby taking command and control of the virtual machines, as depicted in Figure 2. For many years this type of attack wasn’t on the radar of hackers – perhaps there was easier money to be made through more traditional malware methods? However, recently a hyperjacking attack has been identified by threat intelligence vendor Mandiant. The attack targets VMware’s ESXi hypervisor, Virtual Center appliance, and Windows virtual machines.

As reported by Mandiant, the threat actor was able to take the following actions:

- Maintain persistent administrative access to the hypervisor.
- Send commands to the hypervisor that can be routed to the guest VM for execution.
- Transfer files between the ESXi hypervisor and guest machines running on it.
- Tamper with logging services on the hypervisor.
- Execute arbitrary commands from one guest VM to another guest VM running on the same hypervisor.

Authentication and Authorization

Mandiant shared their findings with VMware, who reported, “…a new variant of malware targeting vSphere was discovered in an environment where threat actors may have used operational security weaknesses to compromise a mutual customer.” Further, “Mandiant found no evidence that a vulnerability in a VMware product was exploited to gain access to ESXi during their investigations.”