QEMU Emulator Exploited as Tunneling Tool to Breach Company Network

March 8, 2024 at 03:45AM

Threat actors are using the QEMU open-source hardware emulator for tunneling during cyber attacks, marking the first known use of QEMU for this purpose. Kaspersky researchers discovered that QEMU enables creating virtual network interfaces, allowing communication with remote servers. This tactic demonstrates the evolving strategies of threat actors to blend malicious traffic with legitimate activity.

Key takeaways:

– Threat actors are using the QEMU open-source hardware emulator as tunneling software for cyber attacks on large companies, marking the first instance of QEMU being used for this purpose.
– Kaspersky researchers have discovered that QEMU supports connections between virtual machines, enabling the creation of virtual network interfaces and socket-type network interfaces for communication with remote servers.
– The use of legitimate tools by malicious actors to blend their traffic with legitimate activity demonstrates the need for multi-level protection to detect and defend against complex and targeted attacks.
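
A defender-side check for the technique summarised above, as an added example that is not from the original article or from Kaspersky: it parses process command lines, picks out QEMU's socket-type network backends (`-netdev socket` and the legacy `-net socket`) and reports any whose endpoint is not loopback. The sample command lines, the RFC 1918 definition of "internal" and all function names are assumptions made for the example.

```python
import ipaddress
import shlex

# Assumption for this example: RFC 1918 ranges count as internal.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ENDPOINT_KEYS = ("connect", "listen", "udp", "mcast")  # QEMU socket netdev endpoint options

# Constructed process-creation command lines (not taken from the report).
SAMPLE = [
    r"C:\tools\qemu-system-i386.exe -nographic -netdev socket,id=s0,connect=203.0.113.10:443",
    "qemu-system-x86_64 -m 4G -drive file=dev.qcow2 -netdev user,id=n0 -device e1000,netdev=n0",
    "qemu-system-x86_64 -hda a.img -netdev socket,id=s1,listen=127.0.0.1:5555",
    "qemu-system-x86_64 -hda b.img -net socket,connect=10.0.0.7:8080",
]

def socket_netdevs(cmdline):
    """Return [(key, host, port)] for each socket-type network backend on a QEMU command line."""
    try:
        argv = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslashes
    except ValueError:  # unbalanced quote in a truncated log field
        argv = cmdline.split()
    if not argv or "qemu" not in argv[0].lower():  # a renamed binary is not caught here
        return []
    found = []
    for flag, value in zip(argv, argv[1:]):
        if flag in ("-netdev", "-net") and value.split(",")[0] == "socket":
            for part in value.split(",")[1:]:
                key, _, endpoint = part.partition("=")
                if key in ENDPOINT_KEYS:
                    host, _, port = endpoint.rpartition(":")
                    found.append((key, host.strip("[]"), port))
    return found

def classify(host):
    """Label an endpoint host: any, name, loopback, internal or external."""
    if not host:
        return "any"  # e.g. listen=:1234 binds every interface
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"  # hostname, left unresolved so the check stays offline
    if ip.is_loopback:
        return "loopback"
    return "internal" if any(ip in net for net in INTERNAL) else "external"

def review(cmdlines):
    """Return (line index, key, endpoint, label) for socket backends not bound to loopback."""
    hits = []
    for i, line in enumerate(cmdlines):
        for key, host, port in socket_netdevs(line):
            if classify(host) != "loopback":
                hits.append((i, key, f"{host}:{port}", classify(host)))
    return hits
```

Matching on the binary name is the weakest part of this check; on hosts where QEMU has no business running, alerting on any QEMU execution is the simpler rule.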
