BLOG POSTS
BRICKSTORM: Nation-State Operators Are Moving Into the Hypervisor Layer
The December 2025 CISA/NSA/Cyber Centre analysis of BRICKSTORM represents one of the clearest signals yet that hypervisors have become priority targets for state-backed cyber operations. The report attributes BRICKSTORM to PRC...
Enhance VCF 9 Security with ZeroLock®
As organizations continue to adopt VMware Cloud Foundation (VCF) 9, security remains a top priority. Hypervisors are an increasingly critical layer which—if compromised—can give attackers complete control over the environment. VCF 9 has...
End of Year Review: Why Virtualization is Falling into the C-Suite Spotlight
When attackers reach the virtualization layer, they gain control of the systems that run the entire business. This unfortunate scenario has become exponentially more common in recent years as threat actors discover that the hypervisor remains the...
Everything You Need to Know About Hypervisors
Virtualization changed everything about how modern computing works, but most people have no idea what’s happening under the hood. Before virtualization, companies had to buy a separate physical machine for every single application they...
How ZeroLock Mitigates BRICKSTORM: Securing VMware Against Advanced Threats
BRICKSTORM is a custom-made malware family recently used by suspected state-aligned threat actors out of China. Some of the binary files associated with BRICKSTORM appear to have been made specifically to target vCenter servers and...
DragonForce: A Threat Profile
Aliases: DragonForce Malaysia (early hacktivist identity), DragonForce Ransomware Gang, DragonLeaks (leak site), DFRansom...
CISOs: Lead the Charge in Virtualization Security in 2026
CISOs have spent the last decade hardening endpoints, identities, and cloud workloads. Yet for many organizations, the hypervisor remains dangerously exposed. Over the past four years, hypervisor-specific ransomware has driven an...
ShinyHunters: A Threat Profile
Aliases: ShinyCorp, UNC6240. Sometimes referenced as “Scattered Lapsus$ Hunters” in recent collaborations...
LockBit: A Threat Profile
Aliases: ABCD ransomware, LockBit 2.0, LockBit Black (3.0), LockBit Green, LockBit 5.0...
The 99% Solution: MFA for Hypervisor Security
Hypervisor attacks are accelerating, and the cost is catastrophic. Recent ESXi ransomware attacks have cost organizations hundreds of millions in recovery. In some cases, a single ESXi breach has led to costs exceeding $400 million. ...
Scattered Spider and the Finance Sector: Ransomware Tactics Banks Can’t Afford to Ignore
The financial sector is built on trust, speed, and constant availability. Despite publicly announcing their “retirement,” Scattered Spider has resurfaced with fresh intrusions into U.S. banks and financial services. Their latest ESXi...
Executive Briefing: Hypervisor Ransomware—The Hidden $400 Million Board-Level Exposure
Why The Board Should Act Now: As hypervisor attacks surge and exposure widens, this once-overlooked layer now poses material risk to revenue, operations, and oversight. Ransomware on VMware ESXi has tripled YoY. Attackers have shifted to...
Scattered Spider: A Threat Profile
Aliases: UNC3944 (Google Mandiant), The Com/The Community, Octo Tempest (Microsoft), Oktapus (Group-IB), Muddled Libra (Palo Alto Unit 42), Scatter Swine (Okta), StarFraud, Storm-0875. Profiling. Demographics: Primarily young operators (assessed...
RansomHub Is Gone—But Their ESXi Ransomware Tactics Still Threaten Virtual Infrastructure
In 2024, one ransomware group surged to the forefront: RansomHub. Rapidly dominating the ransomware-as-a-service (RaaS) landscape, this formidable cybercriminal network successfully breached over 600 organizations worldwide, targeting...
Scattered Spider: The Group Behind Major ESXi Ransomware Attacks
A new wave of ransomware actors is rewriting the rulebook, and their sights are set on the foundation of enterprise infrastructure: VMware ESXi. Scattered Spider—also tracked as UNC3944, 0ktapus, and Muddled Libra among others—is one of...
From Retail Floors to Virtual Cores: ESXi Is the Next Attack Vector in Retail
In April 2025, Marks & Spencer—one of Britain’s most successful retailers—was crippled by a ransomware attack that didn’t just encrypt endpoints. It locked down VMware ESXi hypervisors, freezing core systems and bringing operations to...