Kevin BeaumontFeb 3, 2023
I obviously don’t have my tweet thread any more to add to it, but somebody is doing automated destructive attacks on VMware ESXi with 2021 vulns. At the time, to their credit, VMware were very clear in customer comms that not patching could lead to ransomware. #ESXiArgs https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.

BleepingComputer
Show threadKevin BeaumontFeb 3, 2023
I don’t yet have a sample of the payload, but I know they’re using automated deployment with internet scanning. #ESXiArgs
Show threadRairii
@GossiTheDog anyone got a honeypot running?
Feb 3, 2023 at 9:19pmWeb