Chinese cyberspies exploited critical VMware vCenter flaw undetected for 1.5 years

Chinese cyberspies exploited critical VMware vCenter flaw undetected for 1.5 years


In October, VMware fixed a critical remote code execution vulnerability in its vCenter Server (CVE-2023-34048) and Cloud Foundation enterprise products that are used to manage virtual machines across hybrid clouds. It has now come to light that a Chinese cyberespionage group had been exploiting the vulnerability for 1.5 years before the patch became available.

“These findings stem from Mandiant’s continued research of the novel attack paths used by UNC3886, which historically…



Source link