January 20, 2024 at 06:45AM
A China-linked cyber espionage group, UNC3886, exploited a zero-day vulnerability (CVE-2023-34048) in VMware vCenter Server, allowing privileged access and deployment of malware. These actions enable further exploitation of VMware flaws. VMware advises users to update to avoid potential threats. Additionally, UNC3886 utilized a Fortinet flaw (CVE-2022-41328) to implant malware, targeting firewall and virtualization technologies lacking EDR support.
Key takeaways from the meeting notes:
– UNC3886, a Chinese-nexus cyber espionage group, has been exploiting vulnerabilities in VMware vCenter Server, particularly CVE-2023-34048, with a high CVSS score of 9.8
– This zero-day vulnerability allowed unauthorized access to vCenter systems, enabling the deployment of malware and access to ESXi hosts
– The group also targeted Fortinet FortiOS software using CVE-2022-41328 to execute arbitrary commands and exfiltrate sensitive data
– The attacks focus on firewall and virtualization technologies due to the lack of support for endpoint detection and response solutions
– VMware vCenter Server users are strongly advised to update to the latest version to mitigate potential threats
These are the main points distilled from the meeting notes.