Mitel phone systems were abused in recent ransomware findings

September 14, 2022
Mitel Phone System VOIP Brand Abuse Ransomware MiVoice Lorenz Threat Gang

The Lorenz ransomware group exploited a previously disclosed vulnerability in Mitel MiVoice VoIP appliances, CVE-2022-29499, in recent attack campaigns, using the flawed phone systems as an entry point into corporate networks.

In an investigation of ransomware intrusions that abused the critical Mitel MiVoice VoIP appliance bug, security researchers attributed the observed TTPs to the Lorenz gang. After exploiting the flaw, Lorenz obtained a reverse shell on the appliance and then used the Chisel tunneling tool to pivot from the compromised device into the targeted internal environment.
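The pivot described above leaves a network footprint that defenders can hunt for. The following is an added example, not code from the article or from the researchers it cites: a small Python hunt over constructed proxy-log lines that flags two signals, the Chisel WebSocket handshake (the Chisel client advertises its protocol version, "chisel-v3" in current releases, in the Sec-WebSocket-Protocol header) and any WebSocket upgrade initiated by a phone appliance toward an address outside the internal ranges. The log format, the appliance addresses, and the internal network ranges are assumptions made for the example.

```python
"""Hunt proxy logs for Chisel tunnel handshakes originating from VoIP appliances.

Added example (not from the article).  Two signals are checked per line:
  1. Sec-WebSocket-Protocol advertising Chisel's protocol version ("chisel-v3").
  2. A known phone appliance opening an outbound WebSocket to an external host,
     which a phone system has no legitimate reason to do.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Assumed: management addresses of the Mitel appliances in this hypothetical estate.
APPLIANCE_HOSTS = {"10.10.5.20", "10.10.5.21"}

# Assumed: RFC 1918 ranges count as "internal" for this estate.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumed log format: <ts> <src> -> <dst>:<port> <METHOD> <path> [Header=value ...]
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)(?P<headers>.*)$"
)
HEADER_RE = re.compile(r"(\S+?)=(\S+)")

# Constructed sample lines for the example; these are not real telemetry.
SAMPLE_LOGS = [
    "2022-09-01T10:00:01Z 10.10.5.20 -> 10.10.5.1:443 POST /api/status Upgrade=none",
    "2022-09-01T10:00:07Z 10.10.5.20 -> 203.0.113.9:8080 GET / Upgrade=websocket Sec-WebSocket-Protocol=chisel-v3",
    "2022-09-01T10:00:09Z 10.10.7.44 -> 198.51.100.5:443 GET /socket Upgrade=websocket Sec-WebSocket-Protocol=graphql-ws",
    "2022-09-01T10:00:12Z 10.10.5.21 -> 203.0.113.9:443 GET /ws Upgrade=websocket",
    "2022-09-01T10:00:15Z 10.10.5.20 -> 10.10.5.50:80 GET /index.html",
]


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a record; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["headers"] = dict(HEADER_RE.findall(rec["headers"]))
    return rec


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(rec: dict) -> List[str]:
    """Return the list of reasons a record is suspicious (empty if none)."""
    reasons: List[str] = []
    headers: Dict[str, str] = rec["headers"]
    # Signal 1: Chisel's protocol version string in the WebSocket subprotocol header.
    if headers.get("Sec-WebSocket-Protocol", "").lower().startswith("chisel"):
        reasons.append("chisel protocol handshake")
    # Signal 2: an appliance initiating a WebSocket upgrade to a non-internal host.
    if (
        rec["src"] in APPLIANCE_HOSTS
        and headers.get("Upgrade", "").lower() == "websocket"
        and not is_internal(rec["dst"])
    ):
        reasons.append("appliance opened outbound WebSocket to external host")
    return reasons


def hunt(lines: List[str]) -> List[dict]:
    """Run both checks over every parseable line and collect the findings."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            findings.append(
                {
                    "ts": rec["ts"],
                    "src": rec["src"],
                    "dst": f"{rec['dst']}:{rec['port']}",
                    "reasons": reasons,
                }
            )
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOGS):
        print(finding)
```

Run against the constructed sample, the hunt flags the second line on both signals and the fourth line on the outbound-WebSocket signal alone; the graphql-ws upgrade from a workstation is left alone, which is the point of tying the second rule to the appliance addresses rather than to WebSocket traffic in general. The second rule is the more durable one: the protocol string can be changed by anyone who rebuilds Chisel, but a phone appliance dialling out over WebSocket stays anomalous.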

The findings suggest the flaw gives the group considerable reach: Mitel VoIP products, including the affected phone systems, are widely deployed across critical organisations worldwide, many of which rely on the vulnerable appliances in daily operations.


No further details have been published about which Mitel phone systems the Lorenz gang compromised to break into corporate networks, although researchers warn that many critical sectors could be targeted next.


In June 2022, Mitel released security patches addressing the critical vulnerability. Earlier in the year, before those patches were available, threat actors had already abused several other vulnerabilities affecting Mitel appliances, including in some record-breaking DDoS amplification attacks.

Organisations running the affected products should therefore apply the released patches as soon as possible to avoid becoming a target.

First spotted in December 2020, Lorenz is a ransomware gang known for targeting enterprises worldwide. In its attacks, the group demands ransoms in the hundreds of thousands of dollars in exchange for the recovery of the victims' data.

Research on the gang has also documented its double-extortion tactic: it steals data from victims before encrypting it. The threat of leaking that data adds pressure on victims to pay the ransom.

If the victim refuses to pay, the passwords to the encrypted archives of stolen data are published, making the data available to anyone. However, in June 2021 a security firm released a ransomware decryptor for victims of the Lorenz gang. The tool allowed victims to recover some of their files, including PDFs, images, videos, and Office documents.
