Yes hyperjacking attacks are real

For decades, security researchers have warned about virtualization software hacking techniques. Apparently a team has put it into practice.

Virtualization software offers a way to multiply computing efficiency by hosting entire collections of computers as "virtual machines" on a single computer. hyper virtualization

Security researchers have long warned about the potential dark side of this technology: theoretical "hyperjacking" and "blue pill" attacks, where hackers hijack virtualization to spy on and manipulate virtual machines, with no way to detect the intrusion. . This insidious spying eventually went from the research papers that brought the warnings to a mysterious hacker group that has carried out a bunch of hyperjacking attacks.

Today, Google-owned security company Mandiant and virtualization company VMware have published shared warnings that a sophisticated hacker group is installing backdoors in VMware's virtualization software. By planting their own code on the victims' so-called hypervisors—the VMware software that runs on a physical computer to manage all the virtual machines it hosts—the hackers were able to monitor and invisibly run commands on the computers overseen by those hypervisors.

esxi one fig1

And because the malicious code targets the hypervisor of the physical machine and not the virtual machines, the hacker's ploy avoids almost all traditional security measures designed to monitor these target machines.

Mandiant consultant Alex Marvi says his company discovered the hackers earlier this year and disclosed their practices to VMware. The researchers report that they have seen the group perform virtualization hacking – a technique historically called hyperjacking – on around 10 victim networks across North America and Asia.

Mandiant says the hackers have not been identified as any known group, but appear to be linked to China. The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.


Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).