Monday, December 5, 2022

Mysterious hackers are “hyperjacking” targets for insidious espionage


For decades, virtualization software has offered a way to vastly multiply the efficiency of computers by hosting entire collections of computers as “virtual machines” on a single physical machine. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy on and manipulate virtual machines, with no way for a target computer to detect the intrusion. That insidious espionage has finally jumped from research papers to reality, with warnings that a mysterious team of hackers has carried out a series of “hyperjacking” attacks in the wild.

Today, Google-owned security firm Mandiant and virtualization firm VMware jointly issued warnings that a sophisticated group of hackers has been installing backdoors in VMware’s virtualization software on multiple targets’ networks as part of an apparent espionage campaign. By planting their own code in victims’ so-called hypervisors, the VMware software that runs on a physical computer to manage all the virtual machines it hosts, the hackers were able to invisibly observe and execute commands on the computers those hypervisors manage. And because the malicious code targets the hypervisor on the physical machine rather than the victim’s virtual machines, the hackers’ trick multiplies their access and evades almost all traditional security measures designed to monitor those target machines for signs of foul play.

“The idea that you can compromise a machine and from there have the ability to control virtual machines en masse is huge,” says Mandiant consultant Alex Marvi. And even looking closely at a target virtual machine’s processes, he says, an observer would in many cases only see “side effects” of the intrusion, since the malware doing that eavesdropping had infected a part of the system entirely outside of its operating system.

Mandiant discovered the hackers earlier this year and brought their techniques to VMware’s attention. Researchers say they have seen the group carry out its virtualization hacking, a technique historically called hyperjacking in reference to “hypervisor hijacking,” on fewer than 10 victim networks in North America and Asia. Mandiant notes that the hackers, who have not been identified as any known group, appear to be linked to China. But the company gives that claim only a “low confidence” rating, explaining that the assessment is based on an analysis of the group’s victims and some similarities between its code and that of other known malware.


