Chinese Hackers Exploit VMware ESXi Zero-Day for Espionage Operations

Chinese state-sponsored group UNC3886 has been exploiting CVE-2023-20867, a then-unpatched authentication bypass in VMware Tools, to backdoor Windows and Linux guest VMs from ESXi hosts it had already compromised. The group has been described as a "highly adept" adversarial collective targeting defense, technology, and telecommunication organizations in the U.S., Japan, and the Asia-Pacific region. UNC3886 uses Virtual Machine Communication Interface (VMCI) sockets for lateral movement and persistence, which gives it a covert channel between the ESXi host and its guest VMs that never touches the network stack. The group has also been observed harvesting credentials from vCenter servers and abusing CVE-2023-20867 to execute commands in, and transfer files to and from, guest VMs without presenting guest credentials. The flaw is only reachable from an ESXi host on which the attacker already holds root: updating VMware Tools closes the authentication bypass, but it does not restore trust in a guest that is running on a compromised hypervisor.
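The one check a vSphere admin can script immediately is whether each guest's VMware Tools predates the fix. The script below is an added example, not code from The Hacker News article or from Mandiant's report. It assumes the fixed release is VMware Tools / open-vm-tools 12.2.5 (the version named in VMware's advisory VMSA-2023-0013), and the inventory, host names and the "already compromised" host list are all constructed stand-ins for whatever your `Get-VM`, govc or vSphere API export actually returns.

```python
import re
from typing import Dict, Iterable, NamedTuple, Optional, Tuple

# VMSA-2023-0013: CVE-2023-20867 is fixed in VMware Tools / open-vm-tools 12.2.5.
FIXED_TOOLS = (12, 2, 5)


class Guest(NamedTuple):
    name: str
    host: str           # ESXi host the VM currently runs on
    tools_version: str  # Tools version as vSphere reports it (free text)


# Constructed inventory standing in for a real vSphere export (hypothetical names).
INVENTORY = [
    Guest("dc01",    "esxi-01", "12.2.5"),
    Guest("build01", "esxi-01", "12.1.5"),
    Guest("web02",   "esxi-02", "open-vm-tools 11.3.5"),
    Guest("legacy",  "esxi-02", "guest tools not running"),
    Guest("jump01",  "esxi-03", "12.2.5"),
]

# Constructed: hosts the IR team already treats as attacker-controlled.
COMPROMISED_HOSTS = frozenset({"esxi-03"})

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_tools_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull major.minor.patch out of whatever vSphere reports; None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True when the guest's Tools predate the CVE-2023-20867 fix."""
    return version < FIXED_TOOLS


def triage(inventory: Iterable[Guest],
           compromised_hosts: frozenset = frozenset()) -> Dict[str, str]:
    """Map each guest name to one of: unknown, vulnerable, untrusted-host, ok.

    The order matters: a guest with old Tools is flagged first, but a guest
    with fixed Tools on a compromised hypervisor is still not trustworthy,
    because root on the host owns the guest's memory and disk regardless.
    """
    verdicts: Dict[str, str] = {}
    for guest in inventory:
        version = parse_tools_version(guest.tools_version)
        if version is None:
            verdicts[guest.name] = "unknown"        # verify by hand
        elif is_vulnerable(version):
            verdicts[guest.name] = "vulnerable"     # update Tools
        elif guest.host in compromised_hosts:
            verdicts[guest.name] = "untrusted-host" # rebuild host, rotate creds
        else:
            verdicts[guest.name] = "ok"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(INVENTORY, COMPROMISED_HOSTS).items():
        print(f"{name:10} {verdict}")
```

The `untrusted-host` verdict is the one that matters in an incident like this: the Tools update only restores authentication for host-initiated guest operations. A guest on an ESXi host where the attacker already has root must be treated as fully exposed until the host is rebuilt and every credential that guest held or that the vCenter connection could reach has been rotated.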
- Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems (The Hacker News)
- Chinese hackers used VMware ESXi zero-day to backdoor VMs (BleepingComputer)
- VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors (Mandiant)
- China-linked APT UNC3886 used VMware ESXi Zero-Day (Security Affairs)
- Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day (SecurityWeek)