Microsoft warned users about a new way to abuse Intel Active Management Technology (Intel AMT). As the company's experts explained, hackers have learned to use Intel AMT to transfer messages between infected systems over corporate LANs.
So far, the method has been used only in attacks on Asian companies. To carry out an attack successfully, hackers must first lure system administrators into giving up their credentials. As the researchers note, the method they described is not a new attack vector, but rather a way of using the Serial-over-LAN (SOL) function for cybercrime purposes.
Attacks using SOL are attractive to hackers because the function is independent of the host operating system. Such attacks can be detected by a separate firewall, but not by a firewall at the host level. In addition, the embedded processor has remote out-of-band capabilities, such as powering the machine on and off and KVM, even when the main processor is off.
SOL is also capable of communicating over a local area network in the absence of a physical connection, regardless of whether the network mode is enabled on the host.
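Since a host-level firewall never sees SOL traffic, the check has to run on a separate network firewall's logs. The sketch below is an added example, not code from Microsoft or this article: it flags TCP sessions to Intel AMT's documented redirection ports (16994/16995, which the article does not list) that do not come from a management console, and picks out host pairs talking to each other in both directions. The log format, addresses and management subnet are constructed assumptions.

```python
import ipaddress

# Intel AMT redirection ports (SOL / IDE-R); documented by Intel, not on this page.
AMT_REDIRECTION_PORTS = {16994, 16995}
# Assumption: only hosts in this subnet are legitimate AMT management consoles.
MGMT_CONSOLES = [ipaddress.ip_network("10.0.50.0/28")]

# Constructed sample, format "timestamp src dst proto dport action".
SAMPLE_LOG = """\
2024-01-15T02:11:04Z 10.0.50.3 10.0.12.44 tcp 16995 allow
2024-01-15T02:14:19Z 10.0.12.44 10.0.12.91 tcp 16994 allow
2024-01-15T02:14:20Z 10.0.12.44 10.0.12.91 tcp 445 allow
2024-01-15T02:15:02Z 10.0.12.91 10.0.12.44 tcp 16994 allow
malformed line
2024-01-15T02:16:40Z 10.0.12.17 10.0.12.44 udp 16994 allow
"""

def parse(line):
    """Return a flow record, or None if the line is not a valid entry."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, _action = parts
    try:
        ipaddress.ip_address(dst)
        return {"ts": ts, "src": ipaddress.ip_address(src), "dst": dst,
                "proto": proto.lower(), "dport": int(dport)}
    except ValueError:
        return None

def find_unexpected_sol(log_text):
    """TCP flows to AMT redirection ports whose source is not a console."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["proto"] != "tcp":
            continue
        from_console = any(rec["src"] in net for net in MGMT_CONSOLES)
        if rec["dport"] in AMT_REDIRECTION_PORTS and not from_console:
            alerts.append((rec["ts"], str(rec["src"]), rec["dst"], rec["dport"]))
    return alerts

def peer_pairs(alerts):
    """Host pairs that opened AMT sessions to each other in both directions."""
    seen = {(src, dst) for _, src, dst, _ in alerts}
    return sorted({tuple(sorted(p)) for p in seen if (p[1], p[0]) in seen})

if __name__ == "__main__":
    for alert in find_unexpected_sol(SAMPLE_LOG):
        print("unexpected AMT redirection session:", alert)
    print("bidirectional peers:", peer_pairs(find_unexpected_sol(SAMPLE_LOG)))
```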
Intel Active Management Technology is a hardware technology that provides remote, out-of-band access (over an independent auxiliary TCP/IP channel) for managing the settings and security of the computer regardless of its power status (the computer can be powered on or off remotely) and the state of the OS.
KVM (Kernel-based Virtual Machine) is a software solution that provides virtualization in a Linux environment on an x86 platform that supports hardware virtualization based on Intel VT (Virtualization Technology) or AMD SVM (Secure Virtual Machine).