Scattered Spider hijacks VMware hypervisors via social engineering
Scattered Spider has shifted its operations to target VMware vSphere environments, gaining full control of ESXi hypervisors and the vCenter Server Appliance. Google’s Threat Intelligence Group has outlined a five-phase attack chain that moves from initial access and reconnaissance to hypervisor heist, backup sabotage, and ransomware execution directly from the virtualization layer. The attackers impersonate employees to harvest admin credentials, enable SSH access, change root passwords, extract Active Directory data offline, delete recovery snapshots, and deploy ransomware within hours.
Read more:
https://www.securityweek.com/scattered-spider-targeting-vmware-vsphere-environments/