///

NSA Releases Cybersecurity Advisory on Russian-Backed Threat Actors Exploiting VMware Tools

1 min read
Cybersecurity
Cybersecurity

The National Security Agency (NSA) has issued a warning on Russian-backed hackers that utilize a vulnerability in various VMware products to breach protected data housed in affected systems. NSA said Monday that the cyber threat affects VMware’s Identity Manager, Identity Manager Connector, Access Connector and Workspace One Access tools.

The state-sponsored malicious actors exploit the vulnerability to access a device’s management interface and forge security assertion markup language credentials to access private information.

NSA said it “strongly recommends” the Department of Defense (DoD), National Security System (NSS) and defense industrial base to implement vendor-provided patches to designated VMware identity management tools “as soon as possible.”

The cybersecurity advisory details cybersecurity recommendations such as monitoring authentication server configurations and server logs.