Mitel zero-day used by hackers in suspected ransomware attack (Security News, June 2022)
Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack.
Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks.
Although the attack was stopped, CrowdStrike believes the zero-day was used as part of a ransomware attack.
The vulnerability lies in the Mitel Service Appliance component of MiVoice Connect, used in SA 100, SA 400, and Virtual SA, allowing an attacker to perform remote code execution in the context of the Service Appliance.
The threat actors used the vulnerability to create a reverse shell by leveraging FIFO pipes on the targeted Mitel device, sending outbound requests from within the compromised network.
BleepingComputer has contacted CrowdStrike asking why they believe it was a ransomware attack and will update this article with their response.