Chinese cyberespionage group UNC3886 has been exploiting a VMware ESXi zero-day vulnerability to escalate privileges on guest virtual machines, according to cybersecurity firm Mandiant.
UNC3886 has been using malicious vSphere Installation Bundles (VIBs) to install backdoors on ESXi hypervisors and gain command execution, file manipulation, and reverse shell capabilities.
1 comment
[ 3.2 ms ] story [ 15.1 ms ] threadUNC3886 has been using malicious vSphere Installation Bundles (VIBs) to install backdoors on ESXi hypervisors and gain command execution, file manipulation, and reverse shell capabilities.