Hackers Abuse QEMU for Defense Evasion
SecurityWeek (archived Apr 20, 2026)
The machine emulator has been abused in at least two different campaigns distributing ransomware and remote access tools.
Threat actors have been abusing QEMU in campaigns leading to the deployment of ransomware and remote access tools, Sophos reports.
A cross-platform open source machine emulator, QEMU allows users to run a guest VM on top of the host operating system.
In recent years, security researchers have documented several malicious campaigns using QEMU to establish covert communication channels and deploy backdoors, and Sophos now says it has observed an uptick in abuse since late 2025.
As part of a campaign first observed in November 2025, tracked as STAC4713 and potentially linked to the PayoutsKing ransomware, threat actors used the machine emulator as a covert reverse SSH backdoor for payload delivery and credential harvesting.
At first, the hackers targeted exposed SonicWall VPNs that lacked MFA for initial access, but later switched to exploiting CVE-2025-26399, a remote code execution (RCE) vulnerability in SolarWinds Web Help Desk.
The attackers created a scheduled task that launches a QEMU VM with System privileges and doubles as their persistence mechanism. Once booted from the virtual hard disk image, the VM establishes a reverse SSH tunnel that gives the threat actors direct access to it.
Sophos observed the attackers creating a volume shadow copy snapshot, copying the Active Directory database and the SAM and SYSTEM hives to temporary folders, and performing network share discovery and file access using native Windows tools.
The cybersecurity firm attributes the attacks to Gold Encounter, a closed hacking group operating the PayoutsKing ransomware. The gang is known to target VMware and ESXi environments for encryption.
In February 2026, Sophos observed a second campaign abusing QEMU. Tracked as STAC3725, it has been relying on the exploitation of CVE-2025-5777 (the infamous CitrixBleed2 bug) for initial access and on a malicious ScreenConnect client to achieve persistence.
Following the NetScaler exploitation, the attackers created a start service, installed the remote access tool to retrieve QEMU and a virtual disk image, and manually executed the attack within the VM.
The hackers were observed deploying roughly a dozen tools and libraries, harvesting credentials, enumerating Kerberos usernames, performing Active Directory reconnaissance, staging payloads, and exfiltrating data.
“Follow-on activity differed across intrusions, suggesting that initial access brokers originally compromised the victims’ environments and then sold the access to other threat actors,” Sophos notes.
Organizations are advised to search for unauthorized QEMU installations, rogue scheduled tasks, and unusual port forwarding rules, and to monitor outbound SSH tunnels, any of which could reveal a compromise.
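The hunting advice above can be turned into a telemetry check. The following Python script is an added example, not code from Sophos or SecurityWeek: it scans Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) records for QEMU processes that exhibit the tradecraft described in this article, namely a QEMU binary outside the sanctioned install directory, running as SYSTEM, launched by the Task Scheduler service, or egressing an outbound SSH connection (with QEMU's default user-mode networking, the guest's connections appear as the qemu process's own). The field names follow Sysmon's schema, but every event record, the approved install path and the 203.0.113.10 address are constructed for this example.

```python
"""Hunt telemetry for QEMU abused as a reverse SSH backdoor.

Added example; not code from Sophos or SecurityWeek. Input is a list of
Sysmon-style event dicts (EventID 1 = process create, EventID 3 = network
connect). Field names mirror Sysmon, but every record in SAMPLE_EVENTS is
constructed for illustration.
"""
from dataclasses import dataclass, field

# QEMU binaries that should never appear outside a sanctioned install.
QEMU_IMAGES = {
    "qemu-system-x86_64.exe", "qemu-system-x86_64w.exe",
    "qemu-system-i386.exe", "qemu-system-aarch64.exe",
}
# Assumption: the only directory where an approved QEMU install would live.
APPROVED_DIRS = ("c:\\program files\\qemu\\",)
SYSTEM_ACCOUNT = "nt authority\\system"


@dataclass
class Finding:
    pid: int
    image: str
    reasons: list = field(default_factory=list)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _inspect_process(ev: dict) -> Finding:
    """Apply the host-side heuristics to one QEMU process-create event."""
    f = Finding(ev["ProcessId"], ev["Image"])
    if not ev["Image"].lower().startswith(APPROVED_DIRS):
        f.reasons.append("QEMU binary outside approved install directory")
    if ev.get("User", "").lower() == SYSTEM_ACCOUNT:
        f.reasons.append("QEMU running as SYSTEM")
    parent = ev.get("ParentCommandLine", "").lower()
    if "svchost" in parent and "schedule" in parent:
        f.reasons.append("launched by the Task Scheduler service")
    # hostfwd= is QEMU's user-mode port-forwarding option; a VM exposing
    # guest ports on the host is the kind of unusual forwarding rule to review.
    if "hostfwd=" in ev.get("CommandLine", "").lower():
        f.reasons.append("host port forwarding into guest (hostfwd)")
    return f


def hunt(events: list) -> dict:
    """Return {pid: Finding} for QEMU processes with at least one reason."""
    findings = {}
    for ev in events:
        if ev["EventID"] == 1 and _basename(ev["Image"]) in QEMU_IMAGES:
            findings[ev["ProcessId"]] = _inspect_process(ev)
        elif ev["EventID"] == 3 and ev["ProcessId"] in findings and ev.get("Initiated"):
            # With user-mode networking the guest's traffic egresses from the
            # qemu process itself, so a reverse SSH tunnel surfaces here.
            ip, port = ev["DestinationIp"], ev["DestinationPort"]
            label = " (SSH)" if port == 22 else ""
            findings[ev["ProcessId"]].reasons.append(
                f"outbound connection to {ip}:{port}{label}")
    return {pid: f for pid, f in findings.items() if f.reasons}


# Constructed sample telemetry (not real logs); 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1001,
     "Image": r"C:\Program Files\qemu\qemu-system-x86_64.exe",
     "CommandLine": "qemu-system-x86_64.exe -m 2048 -hda dev.qcow2",
     "User": r"CORP\developer", "ParentCommandLine": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4242,
     "Image": r"C:\Users\Public\sys\qemu-system-x86_64.exe",
     "CommandLine": "qemu-system-x86_64.exe -m 1024 -hda disk.img -nographic",
     "User": r"NT AUTHORITY\SYSTEM",
     "ParentCommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule"},
    {"EventID": 3, "ProcessId": 4242,
     "Image": r"C:\Users\Public\sys\qemu-system-x86_64.exe",
     "Initiated": True, "DestinationIp": "203.0.113.10", "DestinationPort": 22},
    {"EventID": 3, "ProcessId": 777,
     "Image": r"C:\Windows\System32\OpenSSH\ssh.exe",
     "Initiated": True, "DestinationIp": "203.0.113.10", "DestinationPort": 22},
]


if __name__ == "__main__":
    for pid, finding in hunt(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {finding.image}")
        for reason in finding.reasons:
            print(f"  - {reason}")
```

Run against the sample, only PID 4242 is reported, with all four reasons; the developer's QEMU instance under Program Files and the unrelated ssh.exe connection are ignored. Each reason is a lead for an analyst rather than a verdict on its own: a single outbound connection from a sanctioned VM is normal, while the combination of an unapproved path, SYSTEM context, a scheduled-task parent and an SSH egress is the pattern worth escalating.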
Written by Ionut Arghire, international correspondent for SecurityWeek.