Scattered Spider hackers have been targeting VMware ESXi hypervisors at U.S. companies across various sectors, using sophisticated social engineering techniques rather than exploiting software vulnerabilities. Their attack methodology gives them significant control over virtualized environments, leading to data exfiltration and ransomware deployment. Google Threat Intelligence Group has outlined protective measures organizations can take to defend against these attacks.
Ransomware groups are abusing the legitimate Kickidler employee monitoring software for reconnaissance and credential theft after breaching networks. The software lets attackers capture keystrokes and identify off-site cloud backups, facilitating further malicious activities such as encrypting VMware ESXi infrastructure. Cybersecurity experts recommend tightening controls on remote monitoring and management tools to prevent these types of attacks.