Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
Related Post
- November 14, 2024
Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for
- November 14, 2024
ShrinkLocker ransomware: what you need to know
What is ShrinkLocker? ShrinkLocker is a family of ransomware that encrypts an organisation’s data and demands a ransom payment in
- November 14, 2024
Google Warns of Rising Cloaking Scams, AI-Driven Fraud,
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites.
- November 14, 2024
5 BCDR Oversights That Leave You Exposed to
Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware