The Chinese state-sponsored group known as UNC3886 has found a way to exploit a flaw in VMware ESXi hosts to backdoor Windows and Linux systems.
The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867, allowed privileged commands to be executed on Windows, Linux, and PhotonOS guest VMs from a compromised ESXi host without authenticating with guest credentials, and with no default logging on the guest VMs, Mandiant said.
According to Mandiant, this demonstrates how vigilant these groups are in detecting and reporting malicious activity.
UNC3886 was initially discovered by the Google-owned threat intelligence firm in September 2022 as a cyber espionage actor infecting VMware ESXi and vCenter servers with backdoors named VIRTUALPITA and VIRTUALPIE.
The threat actor has been described as a highly adept adversary targeting defense, technology, and telecommunication organizations in the U.S., Japan, and the Asia-Pacific region.
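The article notes that the abused guest operations leave no default logging on the guest VMs. The script below is an added example, not code from the article or from Mandiant, that audits a VMware Tools `tools.conf` for a guest-side logging configuration and reports what is missing. It assumes the INI layout VMware documents for `tools.conf` (a `[logging]` section with `log`, `vmsvc.level`, `vmsvc.handler` and `vmsvc.data` keys), assumes that `vmsvc` logging is the relevant channel for guest-operation activity, and uses constructed sample configurations and a placeholder log path.

```python
"""Audit a VMware Tools tools.conf for guest-side logging (added example).

Assumptions (not from the article): tools.conf uses the INI layout VMware
documents, with a [logging] section and keys log, vmsvc.level, vmsvc.handler
and vmsvc.data; vmsvc logging is the channel that records guest-operation
activity. Both sample configurations below are constructed, and the log
path is a placeholder.
"""
import configparser
import io

# Constructed sample: the out-of-the-box state, with no [logging] section.
WEAK_TOOLS_CONF = """
[guestinfo]
disable-query-diskinfo=false
"""

# Constructed sample: logging switched on for the vmsvc service.
HARDENED_TOOLS_CONF = """
[logging]
log=true
vmsvc.level=info
vmsvc.handler=file
vmsvc.data=/var/log/vmware-vmsvc.log
"""

# Settings every audited file must carry (assumed minimum, not VMware guidance).
REQUIRED = {
    "log": "true",
    "vmsvc.handler": "file",
}
# Levels verbose enough to be useful for review.
LEVELS_OK = {"info", "debug"}


def audit_tools_conf(text: str) -> list[str]:
    """Return a list of findings; an empty list means logging is configured."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_file(io.StringIO(text))
    findings: list[str] = []
    if not cp.has_section("logging"):
        # Matches the default state the article describes: nothing logged on the guest.
        return ["no [logging] section: guest-side logging is off (the default)"]
    section = cp["logging"]
    for key, want in REQUIRED.items():
        got = section.get(key, "").strip().lower()
        if got != want:
            findings.append(f"{key}={got or '<unset>'} (expected {want})")
    level = section.get("vmsvc.level", "").strip().lower()
    if level not in LEVELS_OK:
        findings.append(
            f"vmsvc.level={level or '<unset>'} (expected one of {sorted(LEVELS_OK)})"
        )
    if not section.get("vmsvc.data", "").strip():
        findings.append("vmsvc.data unset: no log file destination")
    return findings


def main() -> None:
    """Run the audit over both constructed samples and print the results."""
    for name, conf in (("weak", WEAK_TOOLS_CONF), ("hardened", HARDENED_TOOLS_CONF)):
        findings = audit_tools_conf(conf)
        status = "OK" if not findings else "FINDINGS"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")


if __name__ == "__main__":
    main()
```

To audit a real guest, read its `tools.conf` into `audit_tools_conf` instead of the constructed strings; a non-empty result lists exactly which logging keys still need to be set.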