Ransomware, Endpoint/Device Security

Mitel VoIP zero-day under active exploitation

CrowdStrike researchers discovered the exploitation of a zero-day vulnerability impacting the Mitel VoIP appliance in a suspected ransomware attack, according to The Record, a news site by cybersecurity firm Recorded Future. "Although the threat actor deleted all files from the VoIP device's filesystem, CrowdStrike was able to recover forensic data from the device. This included the initial undocumented exploit used to compromise the device, the tools subsequently downloaded by the threat actor to the device, and even evidence of specific anti-forensic measures taken by the threat actor," wrote researcher Patrick Bennett. Organizations should promptly apply the remediation script to affected Mitel devices, said cybersecurity expert Kevin Beaumont, who added that vulnerable devices are prevalent among U.S. and U.K. government entities. Exploit development for Microsoft Exchange, Citrix, and other widely used systems is costly, noted Allan Liska of Recorded Future. "But, there are a lot of other internet-facing systems that are not nearly as widely deployed and that has been where ransomware groups have focused their efforts. This is a great example of that," Liska added.
