Hackers Abuse QEMU for Defense Evasion
Threat actors abuse QEMU emulator in ransomware and RAT campaigns for defense evasion.
Summary
Sophos reports that threat actors have been abusing QEMU, an open-source machine emulator, in at least two campaigns to deploy ransomware and remote access tools since late 2025. In campaign STAC4713 (linked to PayoutsKing ransomware), Gold Encounter exploited SonicWall VPN misconfigurations and CVE-2025-26399 in SolarWinds Web Help Desk, using QEMU as a covert reverse SSH backdoor for persistence. A second campaign STAC3725 exploited CVE-2025-5777 (CitrixBleed2) and deployed ScreenConnect alongside QEMU for credential harvesting and Active Directory reconnaissance.
Full text
Threat actors have been abusing QEMU in campaigns leading to the deployment of ransomware and remote access tools, Sophos reports. A cross-platform, open-source machine emulator, QEMU allows users to run a guest VM on top of their operating system (the VM host). Over the past few years, security researchers have documented several malicious campaigns using QEMU to establish covert communication channels and deploy backdoors, and Sophos now says it has observed an uptick in abuse since late 2025.
As part of a campaign first observed in November 2025, tracked as STAC4713 and potentially linked to the PayoutsKing ransomware, threat actors used the machine emulator as a covert reverse SSH backdoor for payload delivery and credential harvesting. At first, the hackers targeted exposed SonicWall VPNs that lacked MFA for initial access, but later switched to exploiting CVE-2025-26399, a remote code execution (RCE) vulnerability in SolarWinds Web Help Desk.
The attackers created a scheduled task to launch a QEMU VM with System privileges and to establish persistence. Upon launch, the virtual hard disk image creates a reverse SSH tunnel, providing the threat actors with direct access to the VM.
Sophos observed the attackers creating a volume shadow copy snapshot, copying the Active Directory database and the SAM and SYSTEM hives to temporary folders, and performing network share discovery and file access using native Windows tools. The cybersecurity firm attributes the attacks to Gold Encounter, a closed hacking group operating the PayoutsKing ransomware. The gang is known to target VMware and ESXi environments for encryption.
In February 2026, Sophos observed a second campaign abusing QEMU. Tracked as STAC3725, it has been relying on the exploitation of CVE-2025-5777 (the infamous CitrixBleed2 bug) for initial access and on a malicious ScreenConnect client to achieve persistence.
Following the NetScaler exploitation, the attackers created a start service, installed the remote access tool to retrieve QEMU and a virtual disk image, and manually executed the attack within the VM. The hackers were observed deploying roughly a dozen tools and libraries, harvesting credentials, enumerating Kerberos usernames, performing Active Directory reconnaissance, staging payloads, and exfiltrating data.
“Follow-on activity differed across intrusions, suggesting that initial access brokers originally compromised the victims’ environments and then sold the access to other threat actors,” Sophos notes.
Organizations are advised to search for unauthorized QEMU installations, rogue scheduled tasks, and unusual port forwarding rules, and to monitor outbound SSH tunnels, any of which could reveal a potential compromise.
Written by Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek.
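The hunting advice in the article (unauthorized QEMU binaries, scheduled tasks that launch QEMU under SYSTEM, QEMU port forwarding) turned into detection logic over a few constructed telemetry records. This is an added example, not code from Sophos or SecurityWeek; the `Event` shape and the sample paths are assumptions standing in for whatever EDR or Windows event fields an environment actually has.

```python
import re
from dataclasses import dataclass

# QEMU executables as they appear at the end of an image path (qemu.exe, qemu-system-x86_64.exe, ...)
QEMU_IMAGE_RE = re.compile(r"[\\/]qemu(-system-\w+)?\.exe$", re.IGNORECASE)
# QEMU's user-mode networking option that forwards a host port into the guest
HOSTFWD_RE = re.compile(r"\bhostfwd=", re.IGNORECASE)


@dataclass
class Event:
    """Normalised telemetry record (constructed shape, not a real log format)."""
    kind: str      # "process" = process creation, "task" = scheduled task creation
    image: str     # executable path (for a task: the path in the task action)
    cmdline: str   # arguments
    user: str      # account the process or task runs as


def hunt(events):
    """Return (rule, image) findings for QEMU activity matching the article's hunting advice."""
    findings = []
    for ev in events:
        if not QEMU_IMAGE_RE.search(ev.image):
            continue
        # Any QEMU binary is worth reconciling against an inventory of approved installs
        findings.append(("qemu_binary", ev.image))
        if ev.kind == "task":
            findings.append(("scheduled_task_launches_qemu", ev.image))
        if ev.user.upper().endswith("SYSTEM"):
            findings.append(("qemu_runs_as_system", ev.image))
        if HOSTFWD_RE.search(ev.cmdline):
            findings.append(("qemu_port_forwarding", ev.image))
    return findings


# Constructed sample events: a developer's interactive VM, a SYSTEM scheduled task, unrelated noise
SAMPLE_EVENTS = [
    Event("process", r"C:\Program Files\qemu\qemu-system-x86_64.exe",
          r"-m 4096 -hda C:\vms\lab.qcow2", r"CORP\dev.user"),
    Event("task", r"C:\ProgramData\svc\qemu-system-x86_64.exe",
          "-m 1024 -drive file=disk.qcow2 -netdev user,id=n0,hostfwd=tcp::2222-:22 "
          "-device e1000,netdev=n0 -nographic", r"NT AUTHORITY\SYSTEM"),
    Event("process", r"C:\Windows\System32\svchost.exe", "-k netsvcs", r"NT AUTHORITY\SYSTEM"),
]

if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_EVENTS):
        print(f"{rule:32} {image}")
```

The developer VM yields only the inventory finding, while the SYSTEM scheduled task trips all four rules; outbound SSH from the QEMU process is a network-side check that this host-side pass does not cover.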
Indicators of Compromise
- cve — CVE-2025-26399
- cve — CVE-2025-5777
- malware — PayoutsKing