IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

March 9, 2023

IceFire, a previously known Windows-based ransomware strain, has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. Cybersecurity company SentinelOne has reported that the intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8).

"This strategic shift is a significant move that aligns them with other ransomware groups that also target Linux systems," said Alex Delamotte, senior threat researcher at SentinelOne. A majority of the attacks have been directed against companies located in Turkey, Iran, Pakistan, and the U.A.E., countries that are not typically targeted by organized ransomware crews.

IceFire is a 2.18 MB 64-bit ELF file that's installed on CentOS hosts running a vulnerable version of IBM Aspera Faspex file server software. It's also capable of avoiding encrypting certain paths so that the infected machine continues to be operational. Delamotte noted that, "In comparison to Windows, Linux is more difficult to deploy ransomware against–particularly at scale. Many Linux systems are servers: typical infection vectors like phishing or drive-by download are less effective. To overcome this, actors turn to exploiting application vulnerabilities."

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.