NSA warns Russians exploiting flaw in virtual workspaces during pandemic

Jenna McLaughlin
·National Security and Investigations Reporter
·2 min read
Photo illustration: Yahoo News; photos: AP, Getty Images (2).
Photo illustration: Yahoo News; photos: AP, Getty Images (2)

WASHINGTON — The National Security Agency on Monday morning released a warning that Russian state-sponsored actors have been “seen in the wild” breaching virtual workspaces — a popular tool for the U.S. defense industry amid the pandemic — to extract sensitive information.

The Russians discovered a security flaw in VMware Products, a company known for virtualization software like cloud computing and virtual machines, according to the NSA. Virtual machines are pieces of software that mimic a physical computer and run using their own operating system, which isolates their activity from the rest of the hardware.

“VMware has responded to a new security issue related to the on-premises versions of VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector, as identified in a Cybersecurity Advisory from the U.S. National Security Agency,” wrote Michael Thacker, a spokesman for VMware, in an email to Yahoo News. According to Thacker, once the vulnerability was discovered and the company was notified, it created a security patch “to mitigate this issue,” which it recommends that customers download, as well as sign up for a newsletter notifying them of other new security updates. “Ensuring customer security is our top priority,” he wrote.

While the attack requires that bad actors first obtain a user’s login credentials in order to exploit the flaw, if they are able to do that, they can then forge security credentials and access secure data, the NSA wrote in its advisory.

While the NSA advisory did not identify the alleged Russian actors or speculate about their motivation, it specifically warned people managing national-security-related systems to “patch” their VMware products, or download the latest update fixing the flaw. “This advisory emphasizes the importance for National Security Systems, Department of Defense, and Defense Industrial Base system administrators,” the NSA wrote.

Victims will have to “check server logs” to discover whether they’ve been compromised.

Vendors of virtual machines, like VMware, have recommended their products during the pandemic because they allow employees to use desktops or laptops at home, while isolating that work from personal browsing.

VMware published an advertisement promoting its virtual workspace product, saying it “empowers federal agencies to meet performance, cost savings, and emergency preparedness goals” as teleworking increases.

The NSA advisory comes amid major challenges for the NSA itself, as well as defense contractors and others working with sensitive information, to protect both their workers and their data during the COVID-19 pandemic.

_____

Read more from Yahoo News: