In recent years, threat actors have adapted their tactics to focus more on specific operating systems that carry sensitive data, or where an attack can have the greatest effect.
On Thursday, Sept. 29, cybersecurity firm Mandiant announced a new, specialized variant of malware targeting vSphere. VMware prioritizes the security of its customers and has published a blog with useful guidance. The blog gives customers ways to address their configurations and processes so that environments are better protected from novel malware in the first place. The guidance also includes mitigation steps.
VMware and Mandiant coordinated on the announcement, and the investigation found no evidence that a VMware vulnerability was exploited. In most cases, finding malware is an indication that compromise has already occurred through operational security weaknesses such as unauthorized administrative credentials. Mandiant has named the malware artifacts VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows).
Read the VMware blog to learn more: Protecting vSphere from Specialized Malware