Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Code Impact' Backdoor

MuzzMelbourne

Level 5
Thread author
Mar 13, 2022
158
An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems.

Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager.