Oh, For F\*ck’s Sake. China Again.
Right, listen up you lot. Apparently, some Chinese-backed clowns – they’re calling them “APT31” because naming things makes them feel important – have been poking holes in VMware since October of last year. A zero-day, no less. Like we don’t have enough to deal with.
They’re abusing a vulnerability in vCenter Server, specifically in how it handles authentication. Basically, they’re getting access to credentials and then using those to move around your network like they own the damn place. It affects a bunch of vCenter versions – check the article if you actually bother to *run* anything vulnerable (you probably do).
VMware patched it in March, but surprise surprise, these guys are still at it. They’re using some custom malware called “ShadowWalker” which is as original as a beige box PC. They’ve been targeting organizations in the US, and if you think *your* network isn’t interesting to them, you’re delusional.
CISA has issued an emergency directive – because apparently telling people about this months ago wasn’t enough. Patch your systems. Now. Before they steal all your data and sell it on the dark web. Honestly, I’m starting to think some companies just *want* to get hacked.
Don’t come crying to me when you’re compromised. You had months. Months!
Speaking of patching, I once had to roll back a kernel update on 300 servers at 3 AM because some “genius” decided to push it live without testing. The entire network went down. Good times. Don’t be that genius.
