Security News > 2022 > June > Mitel zero-day used by hackers in suspected ransomware attack
Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack.
Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks.
Although the attack was stopped, CrowdStrike believes the zero-day was used as part of a ransomware attack.
The vulnerability lies in the Mitel Service Appliance component of MiVoice Connect, used in SA 100, SA 400, and Virtual SA, allowing an attacker to perform remote code execution in the context of the Service Appliance.
The threat actors used the vulnerability to create a reverse shell by leveraging FIFO pipes on the targeted Mitel device, sending outbound requests from within the compromised network.
BleepingComputer has contacted CrowdStrike asking why they believe it was a ransomware attack and will update this article with their response.
News URL
Related news
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (source)
- Duvel says it has "more than enough" beer after ransomware attack (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- FBI: Critical infrastructure suffers spike in ransomware attacks (source)