| Section | Details |
|---|---|
| Threat Actors | Unknown threat actors |
| Campaign Overview | Exploitation of CVE-2024-50603 in Aviatrix Controller to deploy backdoors and cryptocurrency miners. |
| Target Regions (Victims) | Cloud enterprise environments running Aviatrix Controller, particularly those deployed in AWS environments |
| Methodology | • Attackers exploit CVE-2024-50603 to gain remote code execution. • Cryptocurrency miners (XMRig) and the Sliver C2 framework are used for persistence and follow-on exploitation. |
| Product Targeted | Aviatrix Controller cloud networking platform |
| Malware Reference | XMRig (cryptocurrency miner), Sliver C2 framework |
| Tools Used | • XMRig (cryptocurrency mining) • Sliver C2 framework |
| Vulnerabilities Exploited | CVE-2024-50603 (unauthenticated remote code execution due to improper input sanitization) |
| TTPs | • Exploiting API endpoints to inject OS commands. • Lateral movement towards administrative cloud control plane permissions. • Privilege escalation in cloud environments. |
| Attribution | Unknown |
| Recommendations | • Apply patches immediately. • Prevent public access to the Aviatrix Controller. • Harden configurations and follow best practices. |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html
The above summary has been generated by an AI language model