Ransomware groups are exploiting VMware ESXi hypervisors and using SSH tunneling to maintain stealthy access. Attackers leverage known vulnerabilities or stolen admin credentials to infiltrate ESXi instances, then use the built-in SSH service for lateral movement and ransomware deployment. This allows the attackers to remain undetected while encrypting virtual environments.
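A hardening check for the tunneling described above, as an added example that is not part of the original page: it audits the text of an `sshd_config` file for the OpenSSH keywords that permit forwarding. It assumes upstream OpenSSH defaults for absent keywords (a host's own build may differ), and the function names and sample config are constructed for illustration.

```python
# Added example: report sshd_config settings that leave SSH tunneling possible.
# Assumption: upstream OpenSSH defaults apply when a keyword is absent.
DEFAULTS = {
    "allowtcpforwarding": "yes",          # TCP port forwarding (-L / -R / -D)
    "allowstreamlocalforwarding": "yes",  # Unix-domain socket forwarding
    "gatewayports": "no",                 # remote forwards bound to non-loopback
    "permittunnel": "no",                 # tun(4) device forwarding
}

# Constructed sample, not taken from a real host.
SAMPLE = """\
# sshd_config (constructed)
PermitRootLogin yes
AllowTcpForwarding no
AllowTcpForwarding yes
GatewayPorts clientspecified
Match User root
    PermitTunnel yes
"""

def effective_settings(config_text):
    """Return (global settings, overrides found inside Match blocks)."""
    settings, match_overrides, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()                     # keywords are case-insensitive
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True                        # Match runs to the next Match or EOF
        elif key in DEFAULTS:
            if in_match:
                match_overrides.append((key, value))
            elif key not in settings:              # first occurrence wins in sshd_config
                settings[key] = value
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, match_overrides

def tunneling_findings(config_text):
    """List every forwarding-related setting whose effective value is not 'no'."""
    settings, overrides = effective_settings(config_text)
    findings = [f"{k} = {v}" for k, v in sorted(settings.items()) if v != "no"]
    findings += [f"{k} = {v} (inside Match block)" for k, v in overrides if v != "no"]
    return findings

if __name__ == "__main__":
    print("\n".join(tunneling_findings(SAMPLE)) or "no forwarding permitted")
```

An empty result only covers the SSH daemon's forwarding settings; whether the SSH service is enabled on the host at all still has to be checked separately.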