All news with #vmware esxi tag
Thu, December 4, 2025
WARP PANDA: Sophisticated China-Nexus Cloud Threats
🔍 CrowdStrike identified a China-nexus adversary, WARP PANDA, conducting covert intrusions against VMware vCenter and cloud infrastructure throughout 2025, deploying novel Golang implants and the backdoor BRICKSTORM. Operations emphasized stealth—log clearing, timestomping, unregistered VMs, and tunnelling via vCenter/ESXi/guest VMs—enabling long-term persistence and data staging from live VM snapshots. WARP PANDA also exfiltrated Microsoft 365 and SharePoint content, registered MFA devices, and abused cloud services for C2, prompting recommendations for tighter ESXi/vCenter controls and robust EDR on guests.
Thu, November 13, 2025
Kraken Ransomware Benchmarks Hosts to Choose Encryption
🔒 The Kraken ransomware targets Windows and Linux/VMware ESXi hosts and runs on-host benchmarks to decide whether to perform full or partial encryption. Cisco Talos researchers found that it creates temporary files, times the encryption of random data, and uses the result to select an encryption mode that maximizes damage while avoiding overloading the host. Before encrypting, it deletes volume shadow copies, stops backup services, appends .zpsc to files, and drops a readme_you_ws_hacked.txt ransom note. The group continues big-game hunting and data theft for double extortion and has launched a forum called 'The Last Haven Board'.