Virtuwise

From Malware to Hypervisors: BlackByte Targets VMware’s Freshest Flaw

The BlackByte ransomware group has shifted tactics, exploiting a recent authentication bypass vulnerability in VMware ESXi, CVE-2024-37085, according to a report from Cisco Talos. This marks a departure from their typical methods of exploiting known vulnerabilities and deploying phishing or brute force attacks.

Steve Zurier writes for SC Media

“The exploitation of CVE-2024-37085 may be a shift from normal attack strategies which have included phishing and distribution of malware, brute force attacks, and credential stuffing,” said Berglas. “Although exploitation of known vulnerabilities has always been part of these groups' common toolkit, the exploitation of the authentication bypass vulnerability in VMware requires greater persistence than previously seen.”

Experts suggest this new approach allows BlackByte to gain deeper footholds in enterprise environments, increasing the effectiveness of their attacks.

#VMware