Mar 9, 2024

Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks

Posted by in category: cybercrime/malcode

Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company.

QEMU is a free emulator and hypervisor that allows you to run other operating systems as guests on a computer.

As part of the attack, threat actors used QEMU to create virtual network interfaces and a socket-type network device to connect to a remote server. This allowed the threat actors to create a network tunnel from the victim’s system to the attacker’s server with negligible impact on system performance.
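The socket-type network device described above is visible on the QEMU command line, so process-creation telemetry is one place to look for it. The following detection sketch is an added example, not code from the article or the underlying research; it assumes the tunnel uses QEMU's `-netdev socket,...,connect=host:port` option (or the legacy `-net socket` form), and the hosts and command lines are constructed sample data.

```python
import ipaddress
import re
import shlex

# Constructed process-creation events (host, command line); not from the article.
SAMPLE_EVENTS = [
    ("ws-01", "qemu-system-x86_64 -m 4096 -drive file=dev.qcow2 -netdev user,id=n0"),
    ("srv-07", "qemu-system-i386.exe -nographic -netdev socket,id=s0,connect=203.0.113.10:443"),
    ("lab-02", "qemu-system-x86_64 -hda test.img -netdev socket,id=s0,connect=127.0.0.1:5555"),
    ("ws-03", "notepad.exe report.txt"),
]

QEMU_BINARY = re.compile(r"(^|[\\/])qemu-system-[\w.-]+$", re.IGNORECASE)


def socket_connect_targets(cmdline):
    """Return the connect= targets of socket netdevs on a QEMU command line."""
    argv = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslashes
    if not argv or not QEMU_BINARY.search(argv[0].strip('"')):
        return []
    targets = []
    for flag, value in zip(argv, argv[1:]):
        fields = value.split(",")
        if flag not in ("-netdev", "-net") or fields[0] != "socket":
            continue
        opts = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        if "connect" in opts:
            targets.append(opts["connect"])
    return targets


def is_remote(target):
    """True unless the host part of host:port is loopback (local test setups)."""
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        return host.lower() not in ("", "localhost")


def detect(events):
    """Return (host, [remote targets]) for QEMU processes with outbound socket netdevs."""
    alerts = []
    for host, cmdline in events:
        remote = [t for t in socket_connect_targets(cmdline) if is_remote(t)]
        if remote:
            alerts.append((host, remote))
    return alerts


if __name__ == "__main__":
    for host, targets in detect(SAMPLE_EVENTS):
        print(f"ALERT {host}: QEMU socket netdev connects to {targets}")
```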
