Skip to main content

Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks

posted onMarch 8, 2024
by l33tdawg
Bleeping Computer
Credit: Bleeping Computer

Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company. QEMU is a free emulator and hypervisor that allows you to run other operating systems as guests on a computer.

As part of the attack, threat actors used QEMU to create virtual network interfaces and a socket-type network device to connect to a remote server. This allowed the threat actors to create a network tunnel from the victim's system to the attacker's server with negligible impact on system performance.

This unusual case, which highlights the diverse methods attackers use to remain stealthy, was discovered by Kaspersky analysts who were called to investigate suspicious activity in the breached company's systems.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th