VMware ESXi Flaw Exploited by Ransomware
1. VMware ESXi flaw CVE-2024-37085 (CVSS 6.8), an authentication bypass affecting ESXi hosts joined to an Active Directory domain, is exploited by ransomware groups to obtain full administrative control of the hypervisor (effectively a privilege escalation from domain user to hypervisor admin).
2. Root cause: a domain-joined ESXi host grants full admin rights to every member of a domain group with a configured name (default "ESX Admins") without verifying that the group actually exists. An attacker with sufficient AD permissions can therefore gain admin access by creating that group, renaming an existing group to that name, or re-creating the group after it was deleted, then adding an account under their control.
3. Ransomware operators including Storm-0506 and Manatee Tempest use the flaw as a post-compromise step to take over ESXi hosts and deploy Akira and Black Basta ransomware against them.
4. Observed intrusion chains also exploited other vulnerabilities earlier in the attack, such as the Windows CLFS driver bug CVE-2023-28252, for local privilege escalation on Windows endpoints before pivoting to the domain and then to ESXi.
5. Victims include an engineering firm in North America; that intrusion used Cobalt Strike and Pypykatz (a Python reimplementation of Mimikatz) to steal domain administrator credentials and move laterally to domain controllers before the "ESX Admins" group was created.
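The precondition described in point 2 (creation, rename, or re-creation of the "ESX Admins" group) is visible in Windows Security group-management events on the domain controllers. The following is an added hunting example, not code from the original post or from Microsoft/Broadcom; it assumes a collector has already flattened each event's EventData into a dict with the standard field names (SubjectUserName for the actor, TargetUserName for the group, MemberName for the added member, SamAccountName for a rename), and the sample events are constructed for illustration.

```python
"""Hunt Windows Security group-management events for the CVE-2024-37085 precondition.

Added example (not from the original post). Domain-joined ESXi hosts trust every
member of a domain group with a configured name (default "ESX Admins") without
checking that the group existed, so watching who creates, renames or re-creates
that group, and who is added to it, catches the abuse described above.
"""
from __future__ import annotations

from dataclasses import dataclass

# Windows Security event IDs for domain group management. Assumption: the log
# collector has already flattened each event's EventData into the dicts below.
GROUP_CREATED = {4727, 4731, 4754}   # global / local / universal group created
GROUP_DELETED = {4730, 4734, 4758}   # ... group deleted
GROUP_CHANGED = {4737, 4735, 4755}   # ... group changed (covers renames)
MEMBER_ADDED = {4728, 4732, 4756}    # member added to ... group

DEFAULT_WATCHED = ("ESX Admins",)    # ESXi default admin group name


def normalize(name: str) -> str:
    """Collapse whitespace and case so 'esx  ADMINS' matches 'ESX Admins'."""
    return " ".join(name.split()).casefold()


@dataclass(frozen=True)
class Finding:
    event_id: int
    group: str
    actor: str
    reason: str


def hunt(events, watched_groups=DEFAULT_WATCHED):
    """Return a Finding for every event that creates, re-creates, renames into,
    or adds a member to a watched group. Deletions are tracked, not reported,
    so that a later creation can be labelled as a re-creation."""
    watched = {normalize(g) for g in watched_groups}
    seen_deleted: set[str] = set()
    findings: list[Finding] = []
    for ev in events:
        eid = ev["EventID"]
        actor = ev.get("SubjectUserName", "?")
        group = ev.get("TargetUserName", "")
        key = normalize(group)
        if eid in GROUP_DELETED:
            if key in watched:
                seen_deleted.add(key)  # a later create of this name is a re-creation
        elif eid in GROUP_CREATED and key in watched:
            reason = "re-created after deletion" if key in seen_deleted else "created"
            findings.append(Finding(eid, group, actor, reason))
        elif eid in GROUP_CHANGED:
            # Rename case: assumption that the new SAM name is in SamAccountName
            # ("-" when unchanged); flag only if it moves INTO a watched name.
            new_name = ev.get("SamAccountName", "-")
            if new_name != "-" and normalize(new_name) in watched and key not in watched:
                findings.append(Finding(eid, new_name, actor,
                                        f"group {group!r} renamed to {new_name!r}"))
        elif eid in MEMBER_ADDED and key in watched:
            member = ev.get("MemberName", "?")
            findings.append(Finding(eid, group, actor, f"member {member} added"))
    return findings


# Constructed sample events (not real logs): a legitimate cleanup deletes the
# group, then an attacker re-creates it, adds a service account, and renames a
# second group to the same name. The "Finance Team" events are benign noise.
SAMPLE_EVENTS = [
    {"EventID": 4730, "SubjectUserName": "admin.it", "TargetUserName": "ESX Admins"},
    {"EventID": 4727, "SubjectUserName": "admin.it", "TargetUserName": "Finance Team"},
    {"EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins"},
    {"EventID": 4728, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins",
     "MemberName": "CN=svc-backup,CN=Users,DC=corp,DC=example"},
    {"EventID": 4737, "SubjectUserName": "jdoe", "TargetUserName": "Helpdesk",
     "SamAccountName": "esx admins"},
    {"EventID": 4728, "SubjectUserName": "admin.it", "TargetUserName": "Finance Team",
     "MemberName": "CN=alice,CN=Users,DC=corp,DC=example"},
]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.event_id}] {f.group!r} by {f.actor}: {f.reason}")
```

Because the trusted group name is configurable per host (ESXi advanced setting `Config.HostAgent.plugins.hostsvc.esxAdminsGroup`), feed `hunt()` the actual value from each host rather than relying on the default; matching is whitespace- and case-insensitive as a defensive choice, which may produce a few extra hits on similarly named groups.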
#CVE-2024-37085 #CVE-2023-28252 #VMware #ESXi #Ransomware #PrivilegeEscalation #ActiveDirectory #Cybersecurity #InfoSec #Storm0506 #BlackBasta #Akira #CobaltStrike #Pypykatz #threatactors
