HomeCII/OTChinese Cybercriminal Misused ESXi Zero-Day for Stealing Data from Guest VMs

Chinese Cybercriminal Misused ESXi Zero-Day for Stealing Data from Guest VMs

Published on

spot_img

A Chinese cyber-espionage group has been exploiting a zero-day authentication bypass flaw in VMware ESXi hosts to execute privileged commands on guest virtual machines, according to researchers. The vulnerability was discovered by Mandiant, while investigating the activities of UNC3886, a Chinese threat actor that was previously found to have been targeting VMware ESXi hosts. The bug, present in VMware Tools which is designed for enhanced management of guest operating systems, allows attackers to exploit a compromised ESXi host to transfer files to and from Windows, Linux, and vCenter guest virtual machines, without the need for guest credentials and without default logging. VMware has since released a patch for the flaw. While Mandiant found no evidence of UNC3886 utilising any zero-day vulnerability to break into the ESXi environment, they did highlight the threat actor’s ability to flexibly switch up attacker paths and tactics.

Source link

Latest articles

Langflow Flaws Exposed: AI Servers Preparing for Takeover

Rubrik Highlights Critical Security Flaws in AI Development Platforms By Rashmi Ramesh | July 1,...

Link11 Unveils Next-Generation Network DDoS Protection

Frankfurt am Main, Germany, July 1st, 2026 — CyberNewswire Link11, renowned as a leading European...

Microsoft Speeds Up Quantum-Safe Initiative with New Timeline

Microsoft has announced an acceleration of its initiatives aimed at transitioning to post-quantum cryptography...

Dawnguard Unveils Cloud Security Automation Platform

Dawnguard Launches Comprehensive Security Architecture Automation Platform Dawnguard, a prominent player in the cybersecurity landscape,...

More like this

Langflow Flaws Exposed: AI Servers Preparing for Takeover

Rubrik Highlights Critical Security Flaws in AI Development Platforms By Rashmi Ramesh | July 1,...

Link11 Unveils Next-Generation Network DDoS Protection

Frankfurt am Main, Germany, July 1st, 2026 — CyberNewswire Link11, renowned as a leading European...

Microsoft Speeds Up Quantum-Safe Initiative with New Timeline

Microsoft has announced an acceleration of its initiatives aimed at transitioning to post-quantum cryptography...