Cybercriminals are using VMware’s Cloud software to launch ransomware attacks

Cybercriminals are using a two-year-old vulnerability in VMware’s Cloud software to launch a large-scale ransomware attack against VMware ESXi servers, according to France’s computer emergency response team (CERT-FR).

The threat actors appear to be exploiting CVE-2021-21974, a heap overflow vulnerability with a severity rating of “important” that VMware publicly disclosed and patched in February 2021.

The cybercriminals have been trying to target VMware ESXi servers since February 3, according to CERT-FR, while Italy’s national cybersecurity agency ACN warned on Sunday of a large-scale ransomware campaign targeting thousands of servers across Europe and North America.

U.S. cybersecurity officials have also confirmed that the ESXiArgs campaign is being investigated. “CISA is collaborating with our public and private sector partners to assess the impact of these reported incidents and provide assistance where necessary,” a CISA spokesperson said. “Any organization experiencing a cybersecurity incident should notify CISA or the FBI immediately.”

The president and founder of French cloud provider Scaleway, Arnaud de Bermingham, tweeted that a fast-moving ransomware was infecting servers running VMware ESXi versions 6.x and urged users to upgrade immediately.

The ransomware attacks appear to be targeting “end-of-general-support or significantly out-of-date products by leveraging known vulnerabilities previously addressed and disclosed in VMware security advisories,” according to a VMware spokesperson.

The sources for this piece include an article in Axios.
