"Malware Shifting to Virtual Environments, Warns Mandiant"

Mandiant has released a report detailing novel malware that attacks VMware hypervisors, stating that the state-sponsored hackers behind it may be shifting their targets from workstations to virtual environments where Endpoint Detection and Response (EDR) solutions are not supported. Analysts at the threat intelligence firm suspect that the threat actor behind the novel malware family is connected to China and that the malware is used for cyberespionage. The VMware ESXi hypervisor and VMware appliances that run virtual Linux and Windows machines are affected. Mandiant reports that it is aware of fewer than ten organizations infected with the novel malware, but warns that more businesses should be looking out for it. More organizations are expected to discover compromised VMware infrastructure in their environments, according to Charles Carmakal, a senior vice president at Mandiant. As EDR has improved, malware has moved into new environments such as network appliances, storage area network arrays, and the VMware ESXi hypervisor. The malware families, called VirtualPita, VirtualPie, and VirtualGate, enable a threat actor to maintain administrative access to the hypervisor, execute commands on virtual machines, and transfer files. This article continues to discuss the VirtualPita, VirtualPie, and VirtualGate malware families attacking VMware hypervisors.

InfoRiskToday reports "Malware Shifting to Virtual Environments, Warns Mandiant"

Submitted by Anonymous on