VMware Workspace ONE Attack

Released: Oct 26, 2022


Severity: High

Vendor: VMware


Multiple malware campaigns targeting VMware vulnerability

Fortinet researchers observed a VMware vulnerability (CVE-2022-22954) being exploited in the wild and leveraged to deliver multiple malware payloads, such as cryptocurrency miners and ransomware, to the affected machines. During August 2022, more than 50,000 devices were seen in attack attempts trying to exploit this vulnerability.

Background

In April 2022, VMware published a security advisory for CVE-2022-22954, a vulnerability in its products VMware Workspace ONE Access, Identity Manager and vRealize Automation. A week later, VMware updated the advisory to state that CVE-2022-22954 is being exploited in the wild.
https://www.vmware.com/security/advisories/VMSA-2022-0011.html

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


In April 2022, FortiGuard Labs added protections throughout the Security Fabric to block any attack attempts, and is actively monitoring the ever-evolving malware distribution leveraging the VMware vulnerability CVE-2022-22954. Users are advised to patch vulnerable versions as per the vendor's recommendations.


On October 20, 2022, a Fortinet researcher posted a blog detailing exploitation of the VMware vulnerability and installation of the malware.
https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • AV (Pre-filter)

  • IPS

  • Web App Security

DETECT
  • IOC

  • Outbreak Detection

  • Content Update

  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.