Widespread cyberattack hits servers across Europe
Hackers are widely exploiting a known vulnerability in VMware’s ESXi servers, targeting endpoints across Europe and North America, government officials and company spokespersons have confirmed.
Italy’s National Cybersecurity Agency (ACN) has warned companies using these VMware products to immediately update their devices to stay safe from the ongoing cybercrime campaign.
ANSA (a major Italian news agency) went on to say that hackers not only targeted servers in Italy, but also servers in France, Finland, the United States and Canada.
500 victims and more
Reports have claimed that “dozens” of organizations in Italy have been affected by the campaign. The agency says companies were warned to take action “to avoid being locked out of their systems,” suggesting the attackers used the vulnerability in ransomware campaigns.
Across the Atlantic, US cybersecurity officials analyzed the incoming reports:
“CISA is working with our public and private sector partners to assess the impact of these reported incidents and provide assistance as needed,” the US Cybersecurity and Infrastructure Security Agency said, as quoted by Reuters.
A VMware spokesperson said the hackers exploited a flaw discovered in early 2021 and patched in February of that year. The company also urged its customers to apply the patch immediately.
A separate report published by The heap claims that more than 500 companies have been affected by the campaign so far and that it was indeed a ransomware attack. Companies in France were reportedly hit the hardest. CERT-FR, the country’s national government computer security incident response team, says the attack is semi-automated and targets servers vulnerable to CVE-2021-21974.
The flaw is described as an OpenSLP heap-overflow vulnerability, which could allow remote attackers to execute code.
So far, we don’t know which ransomware group initiated the attack and which encryptor is deployed, but about 20 servers are being hit every hour, according to reports.