Security News

Cybersecurity news aggregator

HIGH Attacks Sophos News

QEMU abused to evade detection and enable ransomware delivery

Threat actors are abusing the QEMU open-source emulator to deploy hidden virtual machines, enabling persistent access, credential harvesting, and the deployment of PayoutsKing ransomware. This technique, attributed to the GOLD ENCOUNTER group, leverages compromised credentials from CitrixBleed to establish initial access. The article does not describe a vulnerability in QEMU itself but rather its malicious use as an attack tool, so no CVSS score, affected versions, patches, or specific workarounds are provided.

The use of hidden virtual machines (VMs) enables long-term access, credential harvesting, data exfiltration, and PayoutsKing ransomware deployment.

Categories: Threat Research

Tags: virtual machine, QEMU, PayoutsKing, GOLD ENCOUNTER, CitrixBleed2
