Morphisec, a company defending against evasive polymorphic threats, discovered exploitation attempts for a week-old Remote Code Execution (RCE) vulnerability in VMware Workspace ONE Access/Identity Manager on April 14 and 15. Based on signs of a sophisticated Core Impact backdoor, Morphisec believes that the Iranian-linked hacking group called Rocket Kitten is behind those attacks. Over 500,000 organizations worldwide use VMWare. Hackers exploiting the RCE vulnerability can potentially gain the highest privileged access to any components of the virtualized host and guest environment.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is