Russians invade Microsoft exec mail while China jabs at VMware vCenter Server
A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news.
On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write flaw in vCenter Server, was under active exploitation.
VMware did not respond to The Register's inquiries about the scale of the years-long exploitation or about who was behind the attacks.
In June 2023, VMware fixed an authentication bypass vulnerability in VMware Tools that affected ESXi hypervisors - but not before UNC3886 had found and exploited the hole.
Mandiant is attributing intrusions via the vCenter Server hole to Beijing's spies after spotting similarities between those attacks and the ones against VMware Tools in June 2023.
The exploit code failed in the same way whether vSphere or VMware Tools was the target, leading Mandiant to conclude, based on this shared modus operandi, that the same group is behind both sets of attacks.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/20/chinese_russia_vmware_microsoft/
Related news
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
- VMware fixes bad patch for critical vCenter Server RCE flaw
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
- Critical RCE bug in VMware vCenter Server now exploited in attacks
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure
- U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’
- Microsoft fixes Remote Desktop issues caused by Windows Server update
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK
---|---|---|---|---
2023-10-25 | CVE-2023-34048 | Out-of-bounds Write vulnerability in VMware vCenter Server | vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | 9.8