VMware

Hackers are exploiting the legitimate employee monitoring tool Kickidler to obtain login credentials and deploy ransomware encryptors. The attack begins with a poisoned ad on the Google Ads network, leading to a trojanized version of RVTools. This version deploys a backdoor called SMOKEDHAM, which is then used to install Kickidler. The tool is specifically used to target enterprise administrators and their login credentials. The goal is to infiltrate the network and deploy the encryptor. The payloads targeted VMware ESXi infrastructure, encrypting VMDK virtual hard drives. The groups Qilin and Hunters International are focused on cloud backups but have faced challenges due to defenders decoupling backup system authentication from Windows domains.

Source: https://www.techradar.com/pro/security/popular-employee-monitoring-software-hijacked-to-launch-ransomware-attacks

"id": "vmw222051225",
"linkid": "vmware",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization's existence: Attack in which the personal and financial information is compromised, Attack which stop a factory, Attack which take over on all data from a company, Attack which take specific data like patents, Attack in which company is requested to pay a ransom or ransomware involved"