Ransomware Gang Hacks VoIP for Initial Access

Threat actors exploited a vulnerability in a popular VoIP appliance to gain access to a victim’s corporate network, researchers have revealed.

A team at Arctic Wolf said that the unnamed organization was compromised by the Lorenz ransomware variant. The group apparently targeted the Mitel Service Appliance component of MiVoice Connect, via remote code execution bug CVE-2022-29499, to obtain a reverse shell.

The hackers then used open source TCP tunnelling tool Chisel to pivot into the network.

After waiting almost a month following initial access, the group then proceeded with lateral movement, data exfiltration via FileZilla, and encryption with BitLocker and Lorenz ransomware on ESXi systems.

Back in June, CrowdStrike wrote a blog detailing the Mitel vulnerability and a suspected ransomware intrusion attempt using the same CVE. Mitel has since patched this critical zero-day bug and urged all customers to apply the fix.

The case highlights the need for organizations to gain visibility and control over their entire distributed attack surface, Arctic Wolf argued.

“Monitoring just critical assets is not enough for organizations; security teams should monitor all externally facing devices for potential malicious activity, including VoIP and IoT devices. Threat actors are beginning to shift targeting to lesser known or monitored assets to avoid detection,” the vendor said.

“In the current landscape, many organizations heavily monitor critical assets, such as domain controllers and web servers, but tend to leave VoIP devices and IoT devices without proper monitoring, which enables threat actors to gain a foothold into an environment without being detected.”
