Hackers are exploiting a known RCE vulnerability in the Windows Internet Key Exchange (IKE) protocol extensions as part of the "Bleed You" campaign, according to a new report from information security company Cyfirma. More than 1,000 vulnerable systems are at risk of being hacked.
The critical vulnerability CVE-2022-34721 (CVSS: 9.8) has been actively exploited in attacks since September and affects vulnerable versions of the Windows OS and Windows Server, as well as the associated Windows protocol and services. The researchers observed that, once a system is compromised, the attackers deploy ransomware and other malware. They also noticed that unknown hackers are sharing a link to the exploit on darknet forums.
Windows versions affected:
According to Cyfirma, the cybercriminals speak Mandarin Chinese but also allegedly have links to Russian hackers. The experts add that the attacks are not limited to a specific sector and target retail, government, IT services and others. The victims of the campaign are located in Canada, the United Kingdom and the United States.
“Attackers actively exploit vulnerable Windows Server machines through the IKE and AuthIP IPsec keying modules, exploiting this flaw. Users are advised to install patches as soon as possible to mitigate the risk,” the Cyfirma researchers said.