Attackers have compromised a large company's network infrastructure through a novel use of the open-source hardware emulator QEMU for network tunneling, The Hacker News reports.
QEMU enabled virtual machine connections that could establish a virtual network interface and could later be exploited to facilitate communications with remote servers, a report from Kaspersky revealed. With QEMU, researchers were able to establish a network tunnel from an internal host within an enterprise network to an internet-exposed pivot host. That host would then create a link with the attacker's server with the emulator, according to the report. The development indicates the ongoing expansion of attack techniques leveraged by threat actors, said researchers, who noted the importance of even stronger network defenses. "This further supports the concept of multi-level protection, which covers both reliable endpoint protection, and specialized solutions for detecting and protecting against complex and targeted attacks including human-operated ones," researchers added.