Litcius/Paper detail

How VMware Exploits Contributed to SolarWinds Supply-chain Attack

Josh Huddleston, Pu Ji, Suman Bhunia, Joel Cogan

20212021 International Conference on Computational Science and Computational Intelligence (CSCI)23 citationsDOI

Abstract

This paper analyzes the part of VMWare in the multi-vector attack on SolarWinds. After infecting hundreds of companies’ networks through the supply-chain attack on SolarWinds, hackers were able to use a VMware exploit on a number of the infected networks to propagate their attack further. The adversary specifically targeted command injection, used after free and privilege escalation to access VMWare platforms. Although the hackers were not able to gain control of the machines, they were able to steal sensitive information. Without the VMware exploit, attackers may not have gotten access to the VMs and thus could not easily pivot to other servers. This paper provides details on the specific zero-day vulnerabilities used in this attack and outlines the possible defense against this attack.

Topics & Concepts

ExploitComputer scienceSupply chainOperating systemComputer securityEmbedded systemComputer networkBusinessMarketingSoftware-Defined Networks and 5GAdvanced Malware Detection TechniquesIoT and Edge/Fog Computing
How VMware Exploits Contributed to SolarWinds Supply-chain Attack | Litcius