Mandiant has discovered a new ecosystem of espionage-related malware targeting VMware ESXi, Linux vCenter servers, and Windows virtual machines.
The malware offers an attacker persistent administrative access, allows them to transfer files between hypervisors and guest machines, tamper with logging and execute arbitrary commands between virtual machines. The activity is being tracked under a new cluster, meaning Mandiant has not yet connected it to any previously identified advanced persistent threat hacking group, according to a report published this morning.
Devices without endpoint detection and response systems appear to be the threat actor’s deliberate targets.
Read More: Mandiant unearths new espionage-related malware families affecting VMWare hypervisors
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
