A diagram depicts a cloud labeled "Internet" with an "AttackerServer" running Kali Linux. An arrow points to "PivotHost" in the "Enterprise Network." A screenshot shows Nmap scanning results with open ports 80, 139, and 445, indicating a potential threat. Text is displayed in a terminal window on the right.

QEMU Emulator Exploited as a Tunneling Tool Against a Company Network

Newsroom | Endpoint Security / Network Security | Mar 08, 2024

During a cyberattack aimed at an unnamed “large business,” threat actors have been observed using the QEMU open-source hardware emulator as tunneling software.

The development marks the second time QEMU has been employed for this purpose, even though adversaries have already used a number of legitimate tunneling tools like Chisel, FRP, ligolo, products, and Plink.

According to Kaspersky researchers Grigory Sablin, Alexander Rodchenko, and Kirill Magaskin, “we found that QEMU supported connections between virtual machines: the -netdev option creates network devices (backend) that can then connect to the virtual machines.”

“Each of the various network equipment is specified by its variety and has options available.”


In other words, the idea is to give a virtual machine a virtual network interface and a socket-type network device, so that it can communicate with any remote server.

The Russian security firm said it was able to use QEMU to establish a network tunnel between the attacker's cloud server running the emulator and an internal host in the enterprise network that has no internet access.
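A defender-side check for the technique described above, as an added example that is not from the original article or the researchers' report: it parses QEMU -netdev arguments out of process-creation command lines and reports socket-type backends whose connect= or listen= endpoint is not loopback. The sample command lines, the function names and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed process-creation command lines (sample data, not from the report).
SAMPLE_EVENTS = [
    "qemu-system-x86_64 -m 2G -hda dev.qcow2 -netdev user,id=n0 -device e1000,netdev=n0",
    "qemu-system-i386.exe -m 1M -netdev socket,id=s0,connect=203.0.113.10:443 -nographic",
    "qemu-system-x86_64 -hda lab.img -netdev socket,id=s0,listen=127.0.0.1:5555",
]
QEMU_BINARY = re.compile(r"(^|[\\/])qemu-system-[\w-]+(\.exe)?$", re.IGNORECASE)

def parse_netdevs(argv):
    """Return one dict per -netdev argument: {'type': backend, option: value}."""
    devices = []
    for flag, value in zip(argv, argv[1:]):
        if flag == "-netdev":
            backend, *options = value.split(",")
            device = {"type": backend}
            device.update(opt.partition("=")[::2] for opt in options)
            devices.append(device)
    return devices

def is_loopback(endpoint):
    """True when the host part of 'host:port' is loopback."""
    host = endpoint.rpartition(":")[0].strip("[]")
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (all interfaces) or a name: not local

def remote_socket_netdevs(command_line):
    """Return (option, endpoint) for socket netdevs that leave the machine."""
    argv = [a.strip('"') for a in shlex.split(command_line, posix=False)]
    if not argv or not QEMU_BINARY.search(argv[0]):
        return []
    return [(key, dev[key])
            for dev in parse_netdevs(argv) if dev["type"] == "socket"
            for key in ("connect", "listen")
            if key in dev and not is_loopback(dev[key])]

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(remote_socket_netdevs(line) or "ok", "<-", line)
```

A hit is a lead for triage rather than a verdict, since lab setups also link virtual machines over sockets; the host's role and the destination address decide whether it matters.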

QEMU Emulator as Tunneling Tool

The findings show that threat actors are constantly diversifying their attack tactics to blend their malicious traffic in with real activity and achieve their operational objectives.

According to the researchers, “Malicious actors using genuine resources to carry out various attack ways is nothing new for experts in incident response.”

This further supports the idea of multi-level protection, which includes both reliable endpoint protection and specialized defenses against complex and targeted attacks, including human-operated ones.
