Chinese Hackers Deploy Persistent ESXi Backdoors Using a New Method


Hackers, possibly from China, have been employing a new method to install persistent backdoors in VMware ESXi hypervisors, granting them significant capabilities while making detection more challenging.

In April, Mandiant discovered a new technique involving malicious vSphere Installation Bundles (VIBs). Similar to a tarball or ZIP archive, a VIB is a collection of files packaged into a single archive to simplify distribution. When an ESXi host boots, VIB packages can create startup tasks, add custom firewall rules, or deploy custom binaries.

It appears that malicious actors have found a way to abuse these packages, which administrators normally use to maintain hosts and deploy updates. The attackers observed by Mandiant installed two backdoors on ESXi hypervisors using malicious VIBs.
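Because a VIB installed this way survives reboots, one practical defensive check is to inventory the VIBs on each host and flag the ones that do not fit the host's normal build. The following script is an added example written for this article, not code from Mandiant or VMware. It parses constructed output in the tabular format of `esxcli software vib list` (header row, dashed separator, one VIB per line, columns separated by two or more spaces; the entries and version strings are invented) and flags VIBs that use the CommunitySupported acceptance level, claim VMware as vendor without a VMware acceptance level, come from an unlisted vendor, or were installed on a date that differs from the bulk of the image.

```python
import re
from collections import Counter
from typing import Dict, FrozenSet, List

# Constructed sample of `esxcli software vib list` output. The column layout is
# assumed from the tool's tabular format; the rows themselves are invented for
# this example and do not come from any real host or incident report.
SAMPLE_VIB_LIST = """\
Name              Version                        Vendor  Acceptance Level    Install Date
----------------  -----------------------------  ------  ------------------  ------------
esx-base          7.0.3-0.35.19193900            VMW     VMwareCertified     2022-01-15
vmkusb            0.1-6vmw.703.0.20.19193900     VMW     VMwareCertified     2022-01-15
vmw-ahci          2.0.9-1vmw.703.0.20.19193900   VMW     VMwareCertified     2022-01-15
hpe-smx-provider  600.03.11.00.17-2720847        HPE     PartnerSupported    2022-01-15
hostd-helper      1.0-1                          VMW     CommunitySupported  2022-09-03
"""

# The four acceptance levels ESXi defines, from most to least trusted.
ACCEPTANCE_LEVELS = ("VMwareCertified", "VMwareAccepted",
                     "PartnerSupported", "CommunitySupported")
VMWARE_LEVELS = ("VMwareCertified", "VMwareAccepted")


def parse_vib_list(text: str) -> List[Dict[str, str]]:
    """Turn esxcli's tabular listing into one dict per VIB, keyed by header name."""
    headers = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if re.fullmatch(r"-+(\s+-+)*", stripped):
            continue  # separator row of dashes under the header
        # Column values never contain spaces, so two or more spaces delimit fields
        # (the headers "Acceptance Level" and "Install Date" contain single spaces).
        fields = re.split(r"\s{2,}", stripped)
        if headers is None:
            headers = fields
            continue
        if len(fields) != len(headers):
            raise ValueError(f"unexpected field count in line: {line!r}")
        rows.append(dict(zip(headers, fields)))
    return rows


def flag_suspicious_vibs(vibs: List[Dict[str, str]],
                         trusted_vendors: FrozenSet[str]) -> List[Dict[str, object]]:
    """Return the VIBs that deserve a manual look, each with the reasons it was flagged."""
    dates = Counter(v["Install Date"] for v in vibs)
    common_date, common_count = dates.most_common(1)[0] if dates else (None, 0)
    # Heuristic: treat an install date as an outlier only when a clear majority of
    # VIBs share one date, which is typical when the host was built from one image.
    date_check = common_count * 2 > len(vibs)

    findings: List[Dict[str, object]] = []
    for v in vibs:
        reasons: List[str] = []
        level, vendor = v["Acceptance Level"], v["Vendor"]
        if level not in ACCEPTANCE_LEVELS:
            reasons.append(f"unknown acceptance level {level!r}")
        if level == "CommunitySupported":
            reasons.append("CommunitySupported VIB: installing one requires lowering "
                           "the host acceptance level or forcing the install")
        if vendor == "VMW" and level not in VMWARE_LEVELS:
            reasons.append("claims VMware as vendor but is not VMwareCertified/VMwareAccepted")
        if vendor not in trusted_vendors:
            reasons.append(f"vendor {vendor!r} is not in the trusted vendor list")
        if date_check and v["Install Date"] != common_date:
            reasons.append(f"install date {v['Install Date']} differs from the "
                           f"{common_count} VIBs installed on {common_date}")
        if reasons:
            findings.append({"name": v["Name"], "version": v["Version"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    # On a real host, replace SAMPLE_VIB_LIST with the captured esxcli output and
    # list the vendors your images legitimately carry.
    inventory = parse_vib_list(SAMPLE_VIB_LIST)
    for finding in flag_suspicious_vibs(inventory, frozenset({"VMW", "HPE"})):
        print(f"{finding['name']} {finding['version']}")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

The heuristics are a triage aid, not proof of compromise: a flagged VIB should be compared against a known-good host built from the same image, and its signature checked with the built-in `esxcli software vib signature verify` before deciding it is malicious.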

Read More: Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors
