Hackers Exploit RCE Vulnerability in Windows Internet Key Exchange

upnorth

A critical RCE vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions is being exploited in an active campaign. The campaign “流血你”, translating to “Bleed You”, is suspected to be operated by unknown Mandarin-speaking threat actors.

CYFIRMA researchers have found almost 1,000+ systems that are exposed to this vulnerability (CVE-2022-34721).
  • Since September, the Bleed You campaign has been targeting weak or vulnerable Windows OS, Windows Servers, Windows protocols, and services.
  • The ultimate aim of the campaign is to facilitate further malware and ransomware attacks and lateral movement across the network.
  • The campaign is targeting organizations in retail, industrial conglomerates, government, financial services, IT services, and e-commerce industries in the U.S., the U.K., Australia, Canada, France, Germany, Turkey, Japan, India, UAE, and Israel.
The vulnerability exists in the unknown code used to handle the IKEv1 protocol.
  • It affects Windows OS, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 7, Windows 8.1, Windows 10, and Windows 11.
  • Its exploitation could lead to memory corruption and remote code execution.