For decades, security researchers and government agencies have warned of hacking techniques aimed at virtualization software. Now, it seems, a team of hackers has put them into practice.
Virtualization software offers a way to multiply computing efficiency by hosting entire collections of computers as “virtual machines” on a single computer.
Security researchers have long warned about the potential dark side of this technology: theoretical attacks known as “hyperjacking” and “Blue Pill”, in which hackers hijack the virtualization layer to spy on and manipulate virtual machines with no way to detect the intrusion. This insidious form of spying has now moved from the research papers that carried those warnings to a mysterious hacker group that has carried out a series of hyperjacking attacks.
Today, the security company Mandiant, owned by Google, and the virtualization company VMware published joint warnings that a sophisticated hacker group has been installing backdoors in VMware's virtualization software. By planting their own code on victims' so-called hypervisors, the VMware software that runs on a physical computer to manage all the virtual machines it hosts, the hackers were able to invisibly monitor and run commands on the computers overseen by those hypervisors.
And because the malicious code targets the hypervisor of the physical machine rather than the virtual machines themselves, the hackers' ploy evades almost all traditional security measures designed to monitor those target machines.
Mandiant consultant Alex Marvi says his company discovered the hackers earlier this year and disclosed their practices to VMware. The researchers report that they have seen the group perform virtualization hacking, a technique historically called hyperjacking, in 10 or so victim networks across North America and Asia.
Mandiant says the hackers have not been identified as any known group, but appear to be linked to China.