In recent years, threat actors have adapted their tactics to focus more on specific operating systems that carry sensitive data, or where an attack can have the greatest effect.
On Thursday, Sept. 29, cybersecurity firm Mandiant announced a new, specialised variant of malware targeting vSphere. VMware prioritises the security of its customers and has published a blog with useful guidance. The blog arms customers with ways they can address their configurations and processes to better protect environments from novel malware to begin with. The guidance also includes mitigation steps.
VMware and Mandiant coordinated on the announcement, and the investigation found no evidence that a VMware vulnerability was exploited. In most cases, finding malware is an indication that compromise has already occurred through operational security weaknesses such as unauthorised administrative credentials. Mandiant has named the malware artefacts VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows).
Read the VMware blog to learn more: Protecting vSphere from Specialised Malware