admin 2024年3月9日14:05:56评论21 views字数 2329阅读7分45秒阅读模式


Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure.


While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first QEMU that has been used for this purpose.


"We found that QEMU supported connections between virtual machines: the -netdev option creates network devices (backend) that can then connect to the virtual machines," Kaspersky researchers Grigory Sablin, Alexander Rodchenko, and Kirill Magaskin said.

"我们发现QEMU支持虚拟机之间的连接:-netdev选项创建网络设备(后端),然后可以连接到虚拟机。" 卡巴斯基研究人员Grigory Sablin、Alexander Rodchenko和Kirill Magaskin说。

"Each of the numerous network devices is defined by its type and supports extra options."


In other words, the idea is to create a virtual network interface and a socket-type network interface, thereby allowing the virtual machine to communicate with any remote server.


The Russian cybersecurity company said it was able to use QEMU to set up a network tunnel from an internal host within the enterprise network that didn't have internet access to a pivot host with internet access, which connects to the attacker's server on the cloud running the emulator.



The findings show that threat actors are continuously diversifying their attack strategies to blend their malicious traffic with actual activity and meet their operational goals.


"Malicious actors using legitimate tools to perform various attack steps is nothing new to incident response professionals," the researchers said.

"利用合法工具执行各种攻击步骤的恶意行为者对事故响应专业人员来说并不新鲜。" 研究人员表示。

"This further supports the concept of multi-level protection, which covers both reliable endpoint protection, and specialized solutions for detecting and protecting against complex and targeted attacks including human-operated ones."







  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
  • 本文由 发表于 2024年3月9日14:05:56
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):


匿名网友 填写信息