Earlier this year, Mandiant identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines that enables a threat actor to take the following actions:
1) Maintain persistent administrative access to the hypervisor
2) Send commands to the hypervisor that will be routed to the guest VM for execution
3) Transfer files between the ESXi hypervisor and guest machines running beneath it
4) Tamper with logging services on the hypervisor
