"Ransomware Attackers Are Abusing VoIP Software to Breach Organizations"

Arctic Wolf Labs' cybersecurity researchers have issued a warning about CVE-2022-29499, a Remote Code Execution (RCE) vulnerability in Mitel MiVoice VoIP appliances that the Lorenz ransomware gang is exploiting to attack specific companies. The researchers did not name any of the targeted companies, but they explained that the initial malicious activity originated from a Mitel appliance located on the network's perimeter. Lorenz obtained a reverse shell by exploiting the RCE vulnerability affecting the Mitel Service Appliance component of MiVoice Connect, and then used Chisel as a tunneling tool to pivot into the environment. If hackers are looking for vulnerable Mitel VoIP products, they appear to have a plethora of companies to choose from, as the devices are used by organizations in critical sectors all over the world. Mitel issued a patch for the vulnerability in early June 2022, which means that threat actors are now targeting companies that are not as proactive in keeping their systems up to date. If the Lorenz ransomware group successfully breaches a target network, the researchers warn that it will attempt to install the BitLocker ransomware. This article continues to discuss the abuse of an RCE flaw in VoIP software by the Lorenz ransomware gang to breach organizations and achieve initial access.

TechRadar reports "Ransomware Attackers Are Abusing VoIP Software to Breach Organizations"
