Hackers Utilize Linux Rootkits to Conceal Themselves on VMware ESXi Virtual Machines in UNC3886

In a recent cybersecurity threat, hackers identified as UNC3886 have been using Linux rootkits to conceal their presence on VMware ESXi virtual machines (VMs). This method allows the hackers to remain undetected while gaining unauthorized access to sensitive information. A rootkit is a type of malware that hides its presence within a system, making it difficult …

Hackers Employ Linux Rootkits to Conceal Themselves on VMware ESXi Virtual Machines in UNC3886

A Chinese threat actor known as UNC3886 has been using the open-source rootkits Reptile and Medusa to hide on VMware ESXi virtual machines while stealing credentials and executing commands. Mandiant has been tracking UNC3886’s activities against government organizations, including attacks exploiting zero-day vulnerabilities in Fortinet and VMware products. UNC3886 has recently targeted organizations in North …