Lorenz ransomware uses Mitel’s MiVoice Connect VoIP phones as a springboard

Attackers are currently exploiting a critical vulnerability in mitel phone systems. Security updates are available.

A vulnerability in VoIP phones from Mitel’s mivoice connect series is currently being used as a loophole for the lorenz blackmail trojan. If such phones are used in companies, admins should quickly update the devices and thus close the gap.

Security researchers from Artic Wolf came across the attacks. In their report, they state that the attackers participated in a “critical“Gap (CVE-2022-29499) to get a foothold in the IT infrastructures of companies. They should then wait around a month and then let the ransomware Lorenz off the leash.