Chinese hackers exploit VMware bug as zero-day for two years

Chinese hackers exploit VMware bug as zero-day for two years


A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.

The flaw was patched in October, with VMware confirming this Wednesday that it’s aware of CVE-2023-34048 in-the-wild exploitation, although it didn’t share any other details on the attacks.

However, as security firm Mandiant revealed today, the vulnerability was used by the UNC3886 Chinese cyber espionage group as part of a previously reported…



Source link