Rocket Kitten APT Exploits VMware RCE Vulnerabilities in Backdoor Distribution Campaigns

The Iranian-connected Rocket Kitten threat actors have recently been detected distributing “Core Impact” malware by exploiting a VMware remote code execution (RCE) vulnerability for which updates have been published.

The vulnerability, tracked as CVE-2022-22954, affects VMware Workspace ONE Access and Identity Manager solutions and enables RCE attacks that give the threat actor high-privilege access. Threat actors who use this vulnerability to access the target system then load the Core Impact backdoor into memory using a PowerShell script called PowerTrash.

Because VMware Identity Manager solutions are widely used and this attack gives threat actors unrestricted remote access, it can lead to destructive breaches across industries.

In this context, it is recommended that users of vulnerable VMware products immediately apply the published updates to protect against attacks that exploit this vulnerability. In addition, it is important to block the IoCs related to this campaign in the security solutions in use.
