- Jul 27, 2015
A critical RCE vulnerability in the Windows Internet Key Exchange (IKE) Protocol Extensions is being exploited in an active campaign. The campaign, "流血你" (translating to "Bleed You"), is suspected to be operated by unknown Mandarin-speaking threat actors.
CYFIRMA researchers have found almost 1,000+ systems exposed to this vulnerability (CVE-2022-34721).
- Since September, the Bleed You campaign has been targeting weak or vulnerable Windows operating systems, Windows Servers, Windows protocols, and Windows services.
- The ultimate aim of the campaign is to facilitate further malware and ransomware attacks and lateral movement across the network.
- The campaign is targeting organizations in retail, industrial conglomerates, government, financial services, IT services, and e-commerce industries in the U.S., the U.K, Australia, Canada, France, Germany, Turkey, Japan, India, UAE, and Israel.
The vulnerability lies in unspecified code used to handle the IKEv1 protocol.
- It affects Windows OS, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 7, Windows 8.1, Windows 10, and Windows 11.
- Its exploitation could lead to memory corruption and remote code execution.
Security company CYFIRMA has outlined a series of in-the-wild exploits targeting the Windows Internet Key Exchange (IKE) Protocol Extensions via CVE-2022-34721.