NSA Warns Russian Hackers are Exploiting Vulnerability Found in VMware

The National Security Agency warned that alleged Russian state hackers are exploiting a vulnerability in multiple VMware systems that allows them to install malware, steal sensitive data, and control remote work platforms.

The National Security Agency released an advisory warning that alleged Russian state hackers are exploiting a vulnerability in multiple VMware systems that allows them to install malware, steal sensitive data, and control remote work platforms.

The NSA advisory did not name the specific hacking group behind the attacks but said it was composed of “Russian state-sponsored malicious cyber actors.” 

The attacks exploited CVE-2020-4006, an unpatched security bug. It is a command-injection flaw that allows attackers from outside networks to execute commands of their choice on the operating system running the vulnerable software.

The vulnerability is caused by code that fails to filter unsafe user input such as HTTP headers or cookies.
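To illustrate the class of bug described above, the following added example (not VMware's code and not taken from the NSA advisory) contrasts a handler that pastes an HTTP header value into a shell command with a hardened version. The header name `X-Client-Host`, the lookup command and the sample values are constructed assumptions.

```python
import re
import subprocess
import sys

# Hypothetical header name, constructed for this example.
HEADER = "X-Client-Host"
# Allow-list: only characters that can appear in a hostname.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def lookup_vulnerable(headers):
    """Before: the header value is concatenated into a shell command line."""
    host = headers.get(HEADER, "")
    # The shell treats ';', '|', '$(...)' and similar in the value as syntax.
    done = subprocess.run("echo lookup " + host, shell=True,
                          capture_output=True, text=True, timeout=5)
    return done.stdout


def run_argv(host):
    """Pass the value as a single argv element; no shell ever parses it."""
    child = "import sys; print('lookup', sys.argv[1])"
    done = subprocess.run([sys.executable, "-c", child, host],
                          capture_output=True, text=True, timeout=5, check=True)
    return done.stdout


def lookup_hardened(headers):
    """After: validate against the allow-list, then run without a shell."""
    host = headers.get(HEADER, "")
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected header value")
    return run_argv(host)


if __name__ == "__main__":
    # Constructed sample requests: one benign, one carrying shell syntax.
    benign = {HEADER: "app01.example.test"}
    crafted = {HEADER: "app01.example.test; echo INJECTED-COMMAND-RAN"}
    print("vulnerable:", lookup_vulnerable(crafted).splitlines())
    print("argv only: ", run_argv(crafted[HEADER]).splitlines())
    try:
        lookup_hardened(crafted)
    except ValueError as err:
        print("hardened:  ", err)
    print("hardened:  ", lookup_hardened(benign).splitlines())
```

Validation and shell-free execution are independent layers: the argv form alone keeps the value from being parsed as a command, and the allow-list rejects it before any process is started.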

The alleged Russian hackers used the vulnerability to upload a web shell that gives them a persistent interface for running server commands. They used it to breach Active Directory, which allows them to create accounts, change passwords, and carry out other highly privileged tasks.

The NSA said in the advisory that it “encourages National Security System (NSS), Department of Defense (DOD), and Defense Industrial Base (DIB) network administrators to prioritize mitigation of the vulnerability on affected servers.”

VMware announced that they have responded to the issue and provided the appropriate updates and patches.

VMware added that all customers should apply the latest product updates, security patches, and mitigations made available for their specific environment as soon as possible.


© Fourth Estate® — All Rights Reserved.