Russians invade Microsoft exec mail while China jabs at VMware vCenter Server
A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.
On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write flaw in vCenter Server, was under active exploitation.
VMware did not respond to The Register's inquiries about the scale of the years-long exploitation or who was behind the attacks.
In June 2023, VMware fixed an authentication bypass vulnerability in VMware Tools that affected ESXi hypervisors - but not before UNC3886 had found and exploited the hole.
Mandiant is attributing intrusions via the vCenter Server hole to Beijing's spies after spotting similarities between those attacks and the ones against VMware Tools in June 2023.
The code would fail in the same way, whether it was vSphere or VMware Tools being exploited, leading Mandiant to believe it's the same group behind the attacks, based on the modus operandi.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/20/chinese_russia_vmware_microsoft/
Related news
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-34048 | Out-of-bounds Write vulnerability in VMware vCenter Server: vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write, potentially leading to remote code execution. | 9.8 |