Scattered Spider unleashes a VMware ESXi hacking frenzy

Emerging Threat: Scattered Spider and VMware ESXi
Scattered Spider, a cybercrime group largely composed of young offenders, has turned its attention to virtualised environments and is now attacking VMware ESXi hypervisors directly. Many of its victims are U.S. companies in the retail, airline, transportation and insurance sectors.
How the Attack Works
The Google Threat Intelligence Group describes the method: the attackers identify a high‑value administrator by name, call the help desk impersonating that privileged user, and request a password reset. Once the help desk grants the reset, the attackers hold the credentials of the privileged account.
Social Engineering in Action
Ronen Ahdut, Head of Cyops at Cynet, explains what sets the group apart:
- Scattered Spider elevates social engineering to a new level of precision and boldness.
- Instead of exploiting software vulnerabilities, they manipulate human trust in real time.
- They often impersonate employees via live Teams calls or chats to convince IT and help desk staff to reset MFA or Active Directory credentials.
Ahdut also notes the group’s fluency in English and deep familiarity with U.S. and U.K. corporate environments, which strengthens their approach.
Why VMware ESXi Is Attractive
VMware ESXi is an enterprise‑class type‑1 hypervisor used to deploy and run virtual machines. Ahdut states:
- ESXi hosts the virtual machines that power core business operations.
- Compromising ESXi allows attackers to exfiltrate or encrypt entire environments, causing widespread disruption.
- ESXi systems are often under‑monitored, making them ideal pivot points for lateral movement and stealthy persistence.
- These features make ESXi a high‑value target in modern ransomware campaigns.
Defending Against Scattered Spider
Ahdut advises defenders to expand their view of the attack surface:
- Include both technical systems and human behaviour.
- Employ identity‑centric security, layered verification, and Zero Trust principles even within internal environments.
- Traditional controls like patching and segmentation remain essential.
- Resilience depends on anticipating and disrupting human‑driven intrusion paths.
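The check below is an added example, not code from the article, from Cynet or from Google. It turns the help‑desk reset sequence described above and the layered‑verification advice into a concrete detection over help‑desk and identity‑provider reset records: a password or MFA reset on a privileged account that was approved without out‑of‑band verification is flagged, as is a password reset followed within a short window by an MFA re‑enrolment on the same account (the full takeover sequence). The record fields, group names, verification labels and sample events are constructed assumptions; map your own ticketing and IdP fields onto them.

```python
"""Flag help-desk credential resets that match the Scattered Spider pattern.

Schema, group names and verification labels are hypothetical and constructed
for this example; they are not the article's or any vendor's format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Verification methods strong enough to approve a reset on a privileged account.
# Caller ID, employee ID or a chat display name are exactly what an impersonator
# on a live call can supply, so they are deliberately not in this set.
STRONG_VERIFICATION = {"callback_registered_number", "manager_approval", "in_person"}

# Groups whose members must never be reset on the strength of a single call.
# Assumed names; an organisation would pull these from AD / vCenter SSO.
PRIVILEGED_GROUPS = {"Domain Admins", "vSphere Admins", "ESXi Admins", "Help Desk Admins"}


@dataclass
class ResetEvent:
    ts: datetime
    kind: str            # "password_reset" or "mfa_reset"
    target: str          # account being reset
    target_groups: frozenset
    operator: str        # help-desk analyst who actioned the request
    channel: str         # "phone", "teams_chat", "self_service", ...
    verification: str    # how the requester's identity was checked


def is_privileged(ev: ResetEvent) -> bool:
    return bool(ev.target_groups & PRIVILEGED_GROUPS)


def find_suspicious_resets(events, followup_window=timedelta(minutes=30)):
    """Return (event, reason) pairs in time order."""
    alerts = []
    last_by_target = {}
    for ev in sorted(events, key=lambda e: e.ts):
        # Layered verification: a privileged reset needs an out-of-band check.
        if is_privileged(ev) and ev.verification not in STRONG_VERIFICATION:
            alerts.append((ev, f"privileged {ev.kind} via {ev.channel} "
                               f"with weak verification '{ev.verification}'"))
        # Takeover sequence: password reset, then MFA reset shortly after.
        prior = last_by_target.get(ev.target)
        if (prior and prior.kind == "password_reset" and ev.kind == "mfa_reset"
                and ev.ts - prior.ts <= followup_window):
            minutes = int((ev.ts - prior.ts).total_seconds() // 60)
            alerts.append((ev, f"mfa_reset within {minutes} min of password_reset"))
        last_by_target[ev.target] = ev
    return alerts


# Constructed sample records (not real telemetry).
T0 = datetime(2025, 7, 28, 9, 0)
VSPHERE_ADMIN = frozenset({"Domain Users", "vSphere Admins"})
SAMPLE_EVENTS = [
    # Routine: ordinary user through the self-service portal.
    ResetEvent(T0, "password_reset", "jdoe", frozenset({"Domain Users"}),
               "svc-sspr", "self_service", "mfa_push"),
    # Suspicious: hypervisor admin reset over the phone, checked only by caller ID.
    ResetEvent(T0 + timedelta(minutes=5), "password_reset", "vmadmin", VSPHERE_ADMIN,
               "hd.analyst1", "phone", "caller_id"),
    # Suspicious: MFA re-enrolment 12 minutes later completes the takeover.
    ResetEvent(T0 + timedelta(minutes=17), "mfa_reset", "vmadmin", VSPHERE_ADMIN,
               "hd.analyst1", "teams_chat", "employee_id"),
    # Acceptable: privileged reset verified by callback to the registered number.
    ResetEvent(T0 + timedelta(hours=2), "password_reset", "dc-admin",
               frozenset({"Domain Admins"}), "hd.analyst2", "phone",
               "callback_registered_number"),
]

if __name__ == "__main__":
    for ev, reason in find_suspicious_resets(SAMPLE_EVENTS):
        print(f"{ev.ts:%H:%M} {ev.target:<10} by {ev.operator:<12} {reason}")
```

On the sample data the routine self‑service reset and the callback‑verified admin reset produce nothing, while the vmadmin sequence produces three alerts: two for weak verification on a privileged account and one for the password‑then‑MFA chain. The chain rule is intentionally evaluated for every account, not just privileged ones, because the same sequence on a standard user often precedes a request to be added to an admin group.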
In summary, Scattered Spider uses sophisticated social engineering combined with technical skills to target VMware ESXi hypervisors. Effective defense requires a holistic approach that addresses both technology and people.