While the specific threat actor(s) tied to the Amnpardaz research are still unclear, it is important to note that the vulnerabilities in question apply to enterprise servers that are very common and are used in nearly all verticals. A BMC implant can provide virtually omnipotent control over a compromised server, and in this case the attackers used iLOBleed to completely wipe the victim server's disks. Because the malicious code was hidden within the BMC firmware, the implant persisted even after the server operating system was reinstalled, enabling the attacker to repeat the cycle of destroying data after the server was recovered; this is the unique power of firmware that iLOBleed used to do its damage repeatedly. Additionally, the implant took the added step of silently preventing the system from updating the BMC firmware, while spoofing the results to make it appear that the firmware had been updated. iLOBleed has been observed in the wild since 2020 and has proven to be stealthy, persistent, and damaging. (For additional vulnerability and threat details, see CVE-2018-7078 and CVE-2018-7113.)
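One way to surface the spoofed-update pattern described above across a fleet, as an added example that is not the research's own tooling: compare the status the BMC reported for a firmware update job with the firmware version read back before and after it. The record shape, host names and version strings are constructed placeholders; a flagged host still needs verification through a channel the BMC does not control, since every value here comes from the BMC itself.

```python
from dataclasses import dataclass


@dataclass
class BmcUpdateRecord:
    host: str
    version_before: str    # FirmwareVersion read from the BMC before the update job
    version_after: str     # FirmwareVersion read back after the job finished
    job_status: str        # status the BMC reported for the flash job
    expected_version: str  # version the image we flashed is supposed to report


def assess(rec: BmcUpdateRecord) -> list[str]:
    """Return findings for one host; an empty list means the record is self-consistent.

    Every field is BMC-reported, so this is an inconsistency check, not proof of
    integrity: a host with findings should be re-verified out of band."""
    findings = []
    if rec.job_status == "Completed" and rec.version_after == rec.version_before:
        # The iLOBleed pattern: the BMC claims the update succeeded while nothing changed.
        findings.append("job reported success but firmware version did not change")
    if rec.job_status == "Completed" and rec.version_after != rec.expected_version:
        findings.append(
            f"reported version {rec.version_after} differs from flashed image {rec.expected_version}"
        )
    if rec.job_status != "Completed" and rec.version_after == rec.expected_version:
        findings.append("version changed although the job did not report completion")
    return findings


def triage(records: list[BmcUpdateRecord]) -> dict[str, list[str]]:
    """Map each host to its findings, keeping only hosts that need a second-channel check."""
    return {r.host: f for r in records if (f := assess(r))}


# Constructed sample fleet data, not real inventory.
SAMPLE = [
    BmcUpdateRecord("srv-01", "2.10", "2.70", "Completed", "2.70"),  # consistent
    BmcUpdateRecord("srv-02", "2.10", "2.10", "Completed", "2.70"),  # spoofed success
    BmcUpdateRecord("srv-03", "2.10", "2.33", "Completed", "2.70"),  # unexpected version
    BmcUpdateRecord("srv-04", "2.10", "2.70", "Failed", "2.70"),     # contradictory status
]

if __name__ == "__main__":
    for host, findings in triage(SAMPLE).items():
        print(host, findings)
```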