Chinese Hackers Unleash Reptile and Medusa Rootkits on VMware: A Deep Dive into UNC3886’s Stealthy Tactics
Mandiant uncovers UNC3886 using open-source rootkits ‘Reptile’ and ‘Medusa’ on VMware ESXi VMs for long-term persistence and evasion. This sophisticated attack targets governments, tech, aerospace, and more, leveraging custom malware tools like ‘Mopsled’ and ‘Riflespine’ to wreak havoc while remaining stealthy. Rootkitting VMware ESXi VMs…

Hot Take:
Tired of playing hide and seek with your kids? Take some notes from UNC3886! These guys managed to stay hidden in plain sight on virtual machines, making even the best cybersecurity experts feel like they’re looking for Waldo in a haystack. Seriously, who needs invisibility cloaks when you’ve got open-source rootkits?
Key Points:
- UNC3886 uses open-source rootkits ‘Reptile’ and ‘Medusa’ to stay hidden on VMware ESXi virtual machines.
- The threat actor has been exploiting Fortinet and VMware zero-day vulnerabilities for extended periods.
- Mandiant’s latest report reveals custom malware tools like ‘Mopsled’ and ‘Riflespine’ used for command and control.
- Recent attacks targeted a diverse range of sectors globally, including government, telecom, defense, and energy.
- Technical details and indicators of compromise are available in Mandiant’s comprehensive report.