mandiant

Enterprise Malware

Chinese APT actor targeting unpatched SonicWall devices in credential stealing campaign

New attacks are similar to those that other China-backed actors have carried out in recent years as part of cyber espionage and data theft campaigns against US companies. A likely China-based threat actor is targeting unpatched SonicWall Secure Mobile Access 100 Series (SMA100) devices with highly persistent malware for stealing user credentials and providing the […]

Breaches Emerging Threats Supply Chain

Attackers Demonstrate Novel Way to Compromise ESXi Hypervisors

Key takeaway: Don’t allow vSphere Installation Bundles (VIBs) to become a vehicle for sneaking malware into your environment. (276 words) What happened: A China-based threat actor installed multiple backdoors on ESXi hypervisors at several organizations using malicious vSphere Installation Bundles. The backdoors enable a lot of bad things including persistent access, arbitrary command execution and […]
