BlackByte Exploits VMware ESXi Authentication Flaw

August 29, 2024 | The BlackByte ransomware group, believed to have splintered from Conti, is exploiting a newly disclosed VMware ESXi authentication bypass flaw (CVE-2024-37085). According to Cisco Talos Incident Response, this marks a significant shift in BlackByte’s tactics, moving away from their usual methods like credential theft and web shells.

Experts, including BlueVoyant’s Austin Berglas and Critical Start’s Callie Guenther, note that this pivot to exploiting fresh vulnerabilities could make BlackByte’s attacks more unpredictable and challenging to defend against. The flaw was recently added to CISA’s Known Exploited Vulnerabilities catalog, signaling its serious potential for widespread abuse.

[Read more on evolving cyber threats]

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.