The SEXi ransomware, which recently rebranded itself as APT INC, continues to plague VMware's ESXi servers, causing significant disruptions to services and potentially leaking sensitive customer data. The attacks underscore the critical vulnerabilities within the ESXi platform and the importance of robust security measures to prevent such incidents.
Source: https://securityaffairs.com/166014/malware/security-affairs-malware-newsletter-round-3.html
TPRM report: https://scoringcyber.rankiteo.com/company/vmware
"id": "vmw000072224",
"linkid": "vmware",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'VMware',
                        'type': 'Organization'}],
 'attack_vector': 'Exploitation of vulnerabilities in VMware ESXi servers',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive customer data'},
 'description': 'The SEXi ransomware, which recently rebranded itself as APT '
                "INC, continues to plague VMware's ESXi servers, causing "
                'significant disruptions to services and potentially leaking '
                'sensitive customer data. The attacks underscore the critical '
                'vulnerabilities within the ESXi platform and the importance '
                'of robust security measures to prevent such incidents.',
 'impact': {'data_compromised': 'Potentially sensitive customer data',
            'downtime': 'Significant disruptions to services',
            'systems_affected': 'VMware ESXi servers'},
 'lessons_learned': 'Importance of robust security measures to prevent such '
                    'incidents.',
 'motivation': 'Disruption of services and potential data leakage',
 'ransomware': {'ransomware_strain': 'SEXi (rebranded as APT INC)'},
 'threat_actor': 'SEXi ransomware (rebranded as APT INC)',
 'title': 'SEXi Ransomware Attack on VMware ESXi Servers',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Critical vulnerabilities within the ESXi platform'}