A new wave of ransomware actors is rewriting the rulebook, and their sights are set on the foundation of enterprise infrastructure: VMware ESXi. Scattered Spider—also tracked as UNC3944, 0ktapus, and Muddled Libra among others—is one of the most agile and dangerous...
In April 2025, Marks & Spencer—one of Britain’s most successful retailers—was crippled by a ransomware attack that didn’t just encrypt endpoints. It locked down VMware ESXi hypervisors, freezing core systems and bringing operations to a standstill. Sales were...
Nathan Montierth and Joseph Comps from Vali Cyber’s Threat Intelligence Team break down why traditional network defenses, such as firewalls, aren’t enough to stop modern threats. Using a real-world inspired attack from UNC3886, where the firewall was the...
Exploits targeting hypervisors are at an all-time high. Enterprise virtualization is a prime target for threat groups due to valuable data and the challenges associated with preventing escape-to-host attacks. This has been validated with the recent ATT&CK v17...
Modern hypervisors form the backbone of today’s cloud and virtualization environments. By enabling multiple business functions to reside on a single physical server, they enhance efficiency and reduce administrative overhead. As organizations increasingly rely...
In a landmark update, MITRE ATT&CK v17 introduces a dedicated ESXi platform to its framework, bringing hypervisor threats into the spotlight. This move validates what security teams have been seeing for years: attackers are targeting hypervisors directly, and...