Security News > 2022 > June > Mitel zero-day used by hackers in suspected ransomware attack
Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack.
Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks.
Although the attack was stopped, CrowdStrike believes the zero-day was used as part of a ransomware attack.
The vulnerability lies in the Mitel Service Appliance component of MiVoice Connect, used in SA 100, SA 400, and Virtual SA, allowing an attacker to perform remote code execution in the context of the Service Appliance.
The threat actors used the vulnerability to create a reverse shell by leveraging FIFO pipes on the targeted Mitel device, sending outbound requests from within the compromised network.
BleepingComputer has contacted CrowdStrike asking why they believe it was a ransomware attack and will update this article with their response.
News URL
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)