Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
- September 30, 2022
- by CDA News Team