Security News > 2022 > June > Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment.
The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown exploit as well as a couple of anti-forensic measures adopted by the actor on the device to erase traces of their actions.
The exploit in question is tracked as CVE-2022-29499 and was fixed by Mitel in April 2022.
In the incident investigated by CrowdStrike, the attacker is said to have used the exploit to create a reverse shell, utilizing it to launch a web shell on the VoIP appliance and download the open source Chisel proxy tool.
The disclosure arrives less than two weeks after German penetration testing firm SySS revealed two flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.
"Timely patching is critical to protect perimeter devices. However, when threat actors exploit an undocumented vulnerability, timely patching becomes irrelevant," CrowdStrike researcher Patrick Bennett said.
News URL
https://thehackernews.com/2022/06/hackers-exploit-mitel-voip-zero-day-bug.html
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-26 | CVE-2022-29499 | Improper Input Validation vulnerability in Mitel Mivoice Connect The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. | 9.8 |