Stealthy cyber spies linked to China compromising virtualization software globally

A cyber-espionage campaign linked to a sophisticated hacking group believed to be based in China is continuing to compromise virtualization and networking infrastructure used by enterprises globally, according to a new deep-dive report by cybersecurity company Sygnia.

The hackers are targeting VMware ESXi hypervisors, a type of software that controls and hosts virtual machines for enterprise networks. They are using custom tools that grant persistent access while evading detection by standard security measures such as endpoint detection and response (EDR) systems.

Sygnia is tracking the campaign under the name Fire Ant, which shares similarities with UNC3886, based on what its regional head of incident response described as “unique” engagements.

Read more at The Record