Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors
The new technique, spotted by Mandiant in April, involves using malicious vSphere Installation Bundles (VIBs). A VIB is a collection of files packaged into a single archive to facilitate distribution — they are similar to a tarball or ZIP archive. VIB packages can be used to create startup tasks, custom firewall rules, or to deploy…