A Chinese cyberespionage group called Fire Ant has been targeting VMware and F5 vulnerabilities to breach supposedly secure, isolated networks. The hackers exploited critical flaws such as CVE-2023-34048 in vCenter Server and CVE-2023-20867 in ESXi to gain complete control over virtualization infrastructure. They then used the compromised systems as stepping stones to access guest virtual machines and to tunnel between network segments that should have been separated.
Cybersecurity firm Sygnia found that the group shows remarkable persistence: when defenders try to evict it, it quickly adapts by deploying backup backdoors and changing tactics. The attack methods strongly resemble those used by another Chinese group, UNC3886.
Source: SecurityWeek