OMIGOD: Microsoft Azure VMs Exploited to Drop Mirai, Miners

Share post:

Researchers have found that threat actors exploit Azure OMIGOD, a group of four vulnerabilities in the Open Management Infrastructure (OMI) that provide scope for privilege escalation and remote code execution.

Wiz researchers who first discovered the bugs noted that they may affect thousands of Azure customers and millions of endpoints.

The first attacks were discovered by security researchers, who showed that a Mirai botnet was behind some of the exploit attempts against Azure Linux OMI endpoints, which are vulnerable to CVE-2021-38647 RCE exploits.

In analyzing the botnet, digital forensics company Cado Security noted that it “also closes the ports of the vulnerabilities it exploited to stop other botnets taking over the system.”

Among the steps customers should take to mitigate the risk, Microsoft said: “While updates are being rolled out using safe deployment practices, customers can protect against the RCE vulnerability by ensuring VMs are deployed within a Network Security Group (NSG) or behind a perimeter firewall and restrict access to Linux systems that expose the OMI ports (TCP 5985, 5986, and 1207).”

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs


Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways