Last updated on July 28th, 2022 at 12:43 am
Iran-linked Rocket Kitten threat actors have recently been observed distributing “Core Impact” malware by exploiting a VMware RCE vulnerability for which an update has been released.
The vulnerability, tracked as CVE-2022-22954, affects VMware Workspace ONE Access and Identity Manager and enables remote code execution (RCE) that gives the threat actor high-privilege access. After using this vulnerability to access the target system, the threat actors deploy the Core Impact backdoor in memory using a PowerShell script called PowerTrash.
Because VMware Identity Manager solutions are widely used and this attack gives threat actors unrestricted remote access, it can lead to destructive breaches across industries.
Users of vulnerable VMware products are therefore advised to apply the published updates immediately to protect against attacks that exploit this vulnerability. It is also important to block the IoCs associated with this campaign in the security solutions in use.