Tunnelvision

Malware Profile Updated 9 days ago
TunnelVision is not a piece of malware but a network attack technique, disclosed in 2024 and tracked as CVE-2024-3661, that lets an attacker on the same local network as a VPN user pull that user's traffic out of the VPN tunnel. It does not arrive through downloads, e-mails or websites and does not itself steal data or hold it for ransom; it abuses a design weakness in DHCP. DHCP lease messages, including the classless static route option (option 121, RFC 3442), are not authenticated, so any host that can answer DHCP requests on the LAN, such as a rogue or compromised DHCP server, can push arbitrary static routes to the victim. The victim's DHCP client installs those routes on the physical interface, and because hosts select routes by longest prefix match, routes more specific than the VPN client's catch-all routes win. Traffic covered by the pushed routes then leaves the host over the local link, unencrypted, while the VPN client still reports as connected. Because the technique targets the host routing table rather than any one product, it affects essentially every VPN that relies on IP routing to capture traffic, across operating systems; when the pushed routes cover the whole address space the result is a total VPN leak, which is why the original report describes it as decloaking routing-based VPNs. Given how widely VPNs are relied on for confidentiality on untrusted networks, especially in professional settings, organisations and individuals should understand the technique and apply the available mitigations: treat untrusted LANs as hostile, run the VPN client in a network namespace or virtual machine whose routing table the host's DHCP client cannot modify, enforce egress with firewall rules that drop non-tunnel traffic rather than relying on routes alone, and disable option 121 processing where the platform allows it.
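The two mechanics in the paragraph above, the unauthenticated option 121 encoding and the longest-prefix-match rule that lets pushed routes beat a VPN's catch-all routes, are easier to see in code. The following is an added example written for this page, not code from the original report or from any VPN or DHCP project: it decodes an RFC 3442 option 121 payload, models a host routing table with a toy longest-prefix-match lookup, and shows a constructed rogue lease (four /2 routes via a LAN gateway) diverting a destination that the VPN's /1 routes previously captured. All addresses, interface names, metrics and the "wide route" threshold are assumptions of the example.

```python
"""Added example: decode DHCP option 121 and show why pushed routes override a
routing-based VPN. Addresses, interfaces and metrics are constructed."""
import ipaddress
from typing import List, Tuple

Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]   # (destination, router)
Entry = Tuple[ipaddress.IPv4Network, str, int]                 # (prefix, egress iface, metric)


def parse_option_121(data: bytes) -> List[Route]:
    """RFC 3442 encoding: [prefix_len][ceil(prefix_len/8) dest octets][4 router octets]..."""
    routes: List[Route] = []
    i = 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen} at offset {i}")
        n = (plen + 7) // 8                      # only significant destination octets are sent
        if i + 1 + n + 4 > len(data):
            raise ValueError("truncated option 121 payload")
        dest = int.from_bytes(data[i + 1:i + 1 + n] + bytes(4 - n), "big")
        router = ipaddress.IPv4Address(data[i + 1 + n:i + 5 + n])
        # strict=False: a hostile lease may set host bits; mask them like a client would
        routes.append((ipaddress.IPv4Network((dest, plen), strict=False), router))
        i += 1 + n + 4
    return routes


def vpn_client_table() -> List[Entry]:
    """Constructed host table after a routing-based VPN connects ("def1" style)."""
    net = ipaddress.IPv4Network
    return [
        (net("0.0.0.0/0"), "eth0", 100),        # default route from the real DHCP lease
        (net("192.168.1.0/24"), "eth0", 100),   # local LAN
        (net("203.0.113.10/32"), "eth0", 100),  # host route to the VPN server (constructed)
        (net("0.0.0.0/1"), "tun0", 50),         # VPN's two /1 routes beat the /0 default
        (net("128.0.0.0/1"), "tun0", 50),
    ]


def lookup(table: List[Entry], dst: str) -> Entry:
    """Longest prefix wins; metric only breaks ties between equal-length prefixes."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [e for e in table if addr in e[0]]
    return max(candidates, key=lambda e: (e[0].prefixlen, -e[2]))


def install_dhcp_routes(table: List[Entry], routes: List[Route],
                        iface: str = "eth0", metric: int = 100) -> List[Entry]:
    """DHCP clients install option 121 routes on the physical interface the lease came from."""
    return table + [(net, iface, metric) for net, _router in routes]


def flag_wide_routes(routes: List[Route], max_hosts: int = 65536) -> List[Route]:
    """Heuristic check (an assumption of this example, not a published rule): a LAN lease
    has no business pushing a static route wider than a /16."""
    return [(net, router) for net, router in routes if net.num_addresses > max_hosts]


# Constructed rogue lease: four /2 routes via 192.168.1.1 cover all of IPv4 and are more
# specific than the VPN's /1 routes, so every destination is pulled onto eth0.
ROGUE_OPTION_121 = bytes.fromhex(
    "02 00 c0a80101"   # 0.0.0.0/2   via 192.168.1.1
    "02 40 c0a80101"   # 64.0.0.0/2  via 192.168.1.1
    "02 80 c0a80101"   # 128.0.0.0/2 via 192.168.1.1
    "02 c0 c0a80101"   # 192.0.0.0/2 via 192.168.1.1
)
# Constructed benign lease: one internal /16 via a second LAN router.
BENIGN_OPTION_121 = bytes.fromhex("10 0a14 c0a801fe")   # 10.20.0.0/16 via 192.168.1.254


def egress_before_and_after(dst: str = "8.8.8.8") -> Tuple[str, str]:
    """Egress interface for dst with the clean VPN table, then after the rogue lease."""
    clean = vpn_client_table()
    poisoned = install_dhcp_routes(clean, parse_option_121(ROGUE_OPTION_121))
    return lookup(clean, dst)[1], lookup(poisoned, dst)[1]


if __name__ == "__main__":
    before, after = egress_before_and_after()
    print(f"8.8.8.8 before rogue lease: {before}, after: {after}")
    for net, router in flag_wide_routes(parse_option_121(ROGUE_OPTION_121)):
        print(f"suspicious option 121 route: {net} via {router}")
```

The lookup deliberately orders on prefix length before metric, which is the behaviour that matters here: lowering the VPN routes' metric does nothing once a more specific prefix exists on the physical interface. The `flag_wide_routes` check is the kind of thing a DHCP client hook or endpoint sensor could apply to a received lease; the /16 cut-off is a tunable the example assumes, not a standard.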
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vpn
Vulnerability
Exploit
Zero Day
Wordpress
Ransomware
Android
Malware
Vmware
Iran
Chrome
Associated Malware
ID | Type | Votes | Profile Description
Mirai Botnet | Unspecified | 1 | The Mirai botnet is a type of malware, malicious software designed to exploit and harm computer systems. It spreads by exploiting vulnerabilities in different systems, most notably through Ivanti Connect Secure bugs and the JAWS Webserver. Once inside a system, it can steal personal information, dis
LockBit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Associated Threat Actors
ID | Type | Votes | Profile Description
Leviathan | Unspecified | 1 | Leviathan is a threat actor group that has been linked to various Advanced Persistent Threat (APT) groups such as APT40, also known as Kryptonite Panda, Gingham Typhoon, and Bronze Mohawk. These groups have been reported to be state-sponsored by the People's Republic of China (PRC). Leviathan has re
APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
UNC5221 | Unspecified | 1 | UNC5221, a threat actor linked to China, has been identified as the group behind recent cyberattacks involving new malware specifically designed to exploit vulnerabilities in Ivanti Connect Secure VPN and Policy Secure devices. The discovery was made by Mandiant researchers who observed the deployme
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2024-3661 | Unspecified | 1 | None
CVE-2023-49606 | Unspecified | 1 | None
Source Document References
Information about TunnelVision was read from the documents listed below.
Source | Created At | Title
Securityaffairs | 2 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 9 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 16 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 23 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | New TunnelVision technique can bypass the VPN encapsulation