BlackByte Targets Vulnerable VMware ESXi Instances

August 29, 2024 | The BlackByte ransomware group, believed to have branched off from Conti, is exploiting a newly discovered VMware ESXi authentication bypass flaw (CVE-2024-37085), as reported by Cisco Talos Incident Response. This marks a significant shift in their tactics, moving from traditional methods to leveraging this fresh vulnerability.

According to experts from BlueVoyant and Critical Start, this adaptation could make BlackByte’s attacks more effective and difficult to anticipate. The flaw, recently added to CISA’s Known Exploited Vulnerabilities catalog, is now a key focus for cybersecurity defenders as it resembles tactics used in advanced persistent threat operations.

[Read more on BlackByte’s evolving tactics]

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.