Security News > 2020 > December > NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks

The US National Security Agency on Monday issued an advisory warning that Russian threat actors are leveraging a recently disclosed VMware vulnerability to install malware on corporate systems and access protected data.
Specifics regarding the identities of the threat actor exploiting the VMware flaw or when these attacks started were not disclosed.
The development comes two weeks after the virtualization software company publicly disclosed the flaw (affecting VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector products for Windows and Linux) without releasing a patch, and three days after it released a software update to fix it.
In late November, VMware pushed temporary workarounds to address the issue, stating permanent patches for the flaw were "forthcoming." But it wasn't until December 3rd that the escalation-of-privileges bug was entirely resolved.
Although VMware didn't explicitly mention the bug was under active exploitation in the wild, according to the NSA, adversaries are now leveraging the flaw to launch attacks to pilfer protected data and abuse shared authentication systems.