The ransomware group Scattered Spider has advanced its tactics to target VMware ESXi servers by leveraging social engineering techniques, including calls to IT help desks, to gain access to enterprise networks. This escalation poses risks to critical U.S. infrastructure. Concurrently, a China-linked espionage campaign named Fire Ant has been identified, targeting virtualization and networking infrastructure such as VMware ESXi, vCenter environments, and F5 networking appliances, according to research by Sygnia Labs. Additionally, the Akira ransomware is exploiting SonicWall SSL VPNs, including fully patched devices, likely through a zero-day vulnerability or credential abuse, with attacks increasing in late July. Security experts advise organizations running these devices to disable the SSL VPN until further notice. Amid these developments, Verizon has shifted its cybersecurity strategy from vulnerability management to exposure management, emphasizing a proactive, risk-based approach that prioritizes addressing the most critical threats rather than attempting to fix all vulnerabilities.
Patch fatigue is real. @Verizon shifted from vulnerability mgmt to exposure mgmt — a proactive, risk-based approach focused on real threats. It’s not about fixing everything — it’s about fixing what matters. #cybersecurity #infosec #ITsecurity https://t.co/ErnSifm4LH
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices: https://t.co/qY0e6wSh3B by The Hacker News #infosec #cybersecurity #technology #news
🚨 Akira ransomware is hitting SonicWall SSL VPNs—some fully patched. Researchers suspect a zero-day or credential abuse. Attacks surged in late July. Org? Disable SSL VPN until further notice. Full details ↓ https://t.co/xSoSnWD86J