Scattered Spider is running a VMware ESXi hacking spree

Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.

According to the Google Threat Intelligence Group (GTIG), the attackers continue to use their usual tactics, which do not include vulnerability exploits but rely on perfectly executed social engineering “to bypass even mature security programs.”

The researchers say that the gang starts an attack by impersonating an employee in a call to the IT help desk. The threat actor’s purpose is to convince the agent to change the employee’s Active Directory password and thus obtain initial access.

To read the complete article see: Bleeping Computer

This post is licensed under CC BY 4.0 by the author.