Security News > 2022 > June > Mitel zero-day used by hackers in suspected ransomware attack
Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack.
Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks.
Although the attack was stopped, CrowdStrike believes the zero-day was used as part of a ransomware attack.
The vulnerability lies in the Mitel Service Appliance component of MiVoice Connect, used in SA 100, SA 400, and Virtual SA, allowing an attacker to perform remote code execution in the context of the Service Appliance.
The threat actors used the vulnerability to create a reverse shell by leveraging FIFO pipes on the targeted Mitel device, sending outbound requests from within the compromised network.
BleepingComputer has contacted CrowdStrike asking why they believe it was a ransomware attack and will update this article with their response.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)