VMware today patched a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.
The cyber espionage group (tracked as UNC3886 by cybersecurity firm Mandiant, which discovered the attacks) abused the CVE-2023-20867 VMware Tools authentication bypass flaw to deploy VirtualPita and VirtualPie backdoors on guest VMs from compromised ESXi hosts where they escalated privileges to root.
Update VMware Tools to v12.2.5
Source: Chinese hackers used VMware ESXi zero-day to backdoor VMs (ampproject.org)