
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Threat Actors: Unknown threat actors

Campaign Overview: Exploitation of CVE-2024-50603 in Aviatrix Controller to deploy backdoors and cryptocurrency miners.

Target Regions (Victims): Cloud enterprise environments with Aviatrix Controller, particularly those deployed in AWS environments

Methodology:
• Attackers exploit CVE-2024-50603 to gain remote code execution.
• Use of cryptocurrency miners (XMRig) and the Sliver C2 framework for persistence and follow-on exploitation.

Product Targeted: Aviatrix Controller cloud networking platform

Malware Reference: XMRig (cryptocurrency miner), Sliver C2 framework

Tools Used:
• XMRig (cryptocurrency mining)
• Sliver C2 framework

Vulnerabilities Exploited: CVE-2024-50603 (unauthenticated remote code execution due to improper input sanitization)

TTPs:
• Exploiting API endpoints to inject OS commands.
• Lateral movement towards administrative cloud control plane permissions.
• Privilege escalation in cloud environments.

Attribution: Unknown

Recommendations:
• Apply patches immediately.
• Prevent public access to Aviatrix Controller.
• Harden configurations and follow best practices.

Source: The Hacker News

Read full article: https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html

The above summary has been generated by an AI language model


Source: The Hacker News

Published on: January 16, 2025
