Mitel VOIP devices exploited in new Lorenz ransomware attacks

BleepingComputer reports that the Lorenz ransomware group is gaining initial access to enterprise networks by abusing a critical Mitel MiVoice VOIP vulnerability, tracked as CVE-2022-29499.
Arctic Wolf Labs researchers discovered this attack approach after noticing significant overlap in tactics, techniques, and procedures with other ransomware attacks reported by CrowdStrike in June that also exploited the flaw.
"Lorenz exploited CVE-2022-29499, a remote code execution vulnerability impacting the Mitel Service Appliance component of MiVoice Connect, to obtain a reverse shell and subsequently used Chisel as a tunneling tool to pivot into the environment," said researchers.
Mitel issued security patches for the flaw in June, following the April release of a MiVoice Connect remediation script. The Lorenz ransomware gang has targeted numerous enterprises since December 2020, with ID Ransomware's Michael Gillespie noting similarities between the operation's encryptor and the one leveraged by the now-defunct ThunderCrypt ransomware operation.