HHS OCIO HC3 – Sector Alert: Novel Malware Persistence Within ESXi Hypervisors

Greetings,
 

HC3 has been made aware of an ongoing novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines based on a Mandiant blog post (Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors ?????), and additional reporting. HC3 analysts assess that working exploits are being leveraged for these vulnerabilities, and additional exploits are highly likely to become available soon. It is recommended that Healthcare and Public Health (HPH) organizations using ESXi and the VMware infrastructure suite follow the hardening steps outlined in this Mandiant blog post to minimize the attack surface of ESXi hosts.
 

Regards,

The HC3 Team

If you have any additional questions, have feedback, or wish to join our distribution list for updates, email us at HC3@hhs.gov

To view our archive of resources, visit our website at www.HHS.gov/HC3.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Testimony
AHA House Statement on “Fiscal Year 2025 Department of Health and Human Services Budget”
Public
Testimony
AHA Testimony for Energy and Commerce Subcommittee Hearing on Cybersecurity
Infographics
H-ISAC TLP GREEN: Daily Cyber Headlines - April 8, 2024
Member
Other Resources
RWJ Barnabas Improves IoT Security Without Care Disruption
Advancing Health Podcast
Part Two: Cyberthreats and Assessing Third-Party Risk with Providence
Public
Advancing Health Podcast
Part One: Cyberthreats and Assessing Third-Party Risk with Providence
Public