Cyberveille, curated by Decio
11 results tagged ESXi
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
29/07/2024 18:47:07

Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors. ESXi is a bare-metal hypervisor that is installed directly onto a physical server and provides direct access and control of underlying resources. ESXi hypervisors host virtual machines that may include critical servers in a network. In a ransomware attack, having full administrative permission on an ESXi hypervisor can mean that the threat actor can encrypt the file system, which may affect the ability of the hosted servers to run and function. It also allows the threat actor to access hosted VMs and possibly to exfiltrate data or move laterally within the network.

microsoft EN 2024 ESXi hypervisors Ransomware encrypt CVE-2024-37085 Storm-0506 Storm-1175 OctoTempest
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US) https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html?ref=news.risky.biz
22/07/2024 15:12:35

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments.

trendmicro research EN 2024 IoCs Play ransomware group ESXi
RansomHub Draws in Affiliates with Multi-OS Capability and High Commission Rates https://www.recordedfuture.com/ransomhub-draws-in-affiliates-with-multi-os-capability-and-high-commission-rates
24/06/2024 20:15:50

Discover how RansomHub's ransomware-as-a-service targets Windows, Linux, and ESXi systems.

recordedfuture EN 2024 analysis RansomHub ESXi Linux Multi-OS
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
27/06/2023 21:45:57

Additional techniques UNC3886 utilized across multiple organizations to evade EDR solutions.

mandiant EN 2023 ESXi Zero-Day CVE-2023-20867 CVE-2022-22948 VMware
Ransomware: hundreds of VMware ESXi servers caught up in a vast campaign https://www.lemagit.fr/actualites/365530273/Ransomware-vaste-campagne-contre-les-serveurs-VMware-ESXi
05/02/2023 10:52:27

Launched this Friday, February 3, a vast ransomware infection campaign is hitting VMware ESXi servers around the world. France is no exception. The scale suggests an automated operation.

lemagit FR 2023 VMware ESXiArgs ESXi VMware infection France
Campaign exploiting a vulnerability affecting VMware ESXi https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/
05/02/2023 10:51:57

On 3 February 2023, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them.

At the current stage of the investigations, these attack campaigns appear to exploit vulnerability CVE-2021-21974, for which a patch has been available since 23 February 2021. This vulnerability affects the Service Location Protocol (SLP) service and allows an attacker to execute arbitrary code remotely.

The systems currently targeted are reportedly ESXi hypervisors in version 6.x and prior to 6.7.

CERT-FR FR 2023 VMware ESXi ESXiArgs Advisory
Ransomware attacks ESXi customers of French hosting providers (updated) https://www.lemondeinformatique.fr/actualites/lire-un-ransomware-attaque-les-clients-esxi-des-hebergeurs-francais-maj-89437.html
05/02/2023 10:51:30

Several hosting providers have issued alerts about a ransomware attack campaign affecting servers based on VMware's ESXi hypervisor. OVH initially identified the Nevada ransomware in a blog post before correcting its message.

lemondeinformatique FR 2023 ESXi OVH rançongiciel ESXiArgs
A Custom Python Backdoor for VMWare ESXi Servers https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
14/12/2022 08:44:25

Juniper Threat Labs analyzes a backdoor installed on a compromised VMware ESXi server that can execute arbitrary commands and launch reverse shells.

juniper EN 2022 VMware ESXi python
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
03/10/2022 20:11:54

Earlier this year, Mandiant identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines that enables a threat actor to take the following actions:

1) Maintain persistent administrative access to the hypervisor
2) Send commands to the hypervisor that will be routed to the guest VM for execution
3) Transfer files between the ESXi hypervisor and guest machines running beneath it
4) Tamper with logging services on the hypervisor

mandiant EN 2022 esxi hypervisors malware BadVIB(E)s 0-day
Kaspersky report on Luna and Black Basta ransomware https://securelist.com/luna-black-basta-ransomware/106950/
22/07/2022 09:04:18

This report discusses new ransomware that targets Windows, Linux and ESXi systems: Luna, written in Rust, and Black Basta.

securelist EN 2022 Luna Rust BlackBasta Cross-platform-malware Cybercrime Data-Encryption ESXi Linux Malware-Descriptions Malware-Technologies Microsoft-Windows Ransomware Targeted-attacks
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html
27/05/2022 10:59:32

Trend Micro Research detected “Cheerscrypt”, a new Linux-based ransomware variant that compromises ESXi servers. We discuss our initial findings in this report.

Trendmicro EN 2022 endpoints ransomware research ESXi Linux cheerscrypt