
Last Updated on March 24, 2026 by Arnav Sharma

Hypervisor-targeted ransomware just surged 700% in under a year.

That’s not a typo. According to Huntress SOC data from late 2025, hypervisor-focused malicious encryption went from accounting for roughly 3% of cases in the first half of 2025 to a staggering 25% in the second half. The primary group driving that spike? Akira, a ransomware operation that has already extorted an estimated $244 million USD.

If you work in infrastructure or security and you haven’t started treating your hypervisors as a critical attack surface, this is the wake-up call. Attackers have moved down the stack. They’ve realized that compromising one hypervisor gives them the keys to dozens, sometimes hundreds, of virtual machines in a single shot. Forget encrypting endpoints one by one. Why bother when you can take out the entire foundation?

Let me walk through what’s happening, why it’s happening now, and what you can do about it.

The Blind Spot Beneath Your Feet

Here’s the core issue. For years, the security industry has been focused on hardening endpoints. EDR and XDR solutions have gotten genuinely good at catching threats on workstations and servers. Threat actors have noticed. And they’ve responded by going after the layer that sits underneath all those shiny endpoint protections.

Type 1 hypervisors (the bare-metal kind like VMware ESXi) run directly on hardware. Most organizations can’t install EDR agents on them. VMware’s vCenter Server doesn’t always play nice with SIEM platforms. The visibility gap is real, and attackers know it.

Sophos put it bluntly back in 2024: why deal with EDR on VMs when you can just target the underlying, often insecurely configured host and skip all those protections entirely?

Think of it like this. Your VMs are apartments in a building. EDR is the locks on the apartment doors. The hypervisor is the building’s foundation. If someone compromises the foundation, every apartment comes crashing down regardless of how good the locks are.

The Multiplier Effect

What makes hypervisor attacks so devastating is the math. On a traditional endpoint, ransomware encrypts files one by one. On a hypervisor, the attacker encrypts the virtual disk files (VMDKs), rendering entire virtual machines unbootable in one pass.

And attackers have gotten clever about the process. They’ll first shut down every active VM on the host so the virtual disk files aren’t locked by running processes. Then they encrypt everything in a clean, static state. The result? Near-perfect encryption rates. No half-encrypted files. No recovery from partial damage.

Security researchers at Security.land described a single hypervisor breach as an “extinction-level event” for infrastructure. That’s not hyperbole when one host might be running your domain controllers, email servers, databases, and application servers all at once.

The VPN Appliance Playbook, All Over Again

Huntress makes an interesting comparison. The shift to hypervisor targeting follows the exact same playbook we saw with VPN appliance attacks. Proprietary operating system? Check. Restricted ability to install EDR? Check. Massive blast radius when compromised? Absolutely check.

We’ve seen this movie before. The question is whether organizations will learn from the VPN appliance era or repeat the same mistakes.

The CVEs That Changed Everything

ESXicape: Three Zero-Days, One Devastating Chain

On March 4, 2025, Broadcom published advisory VMSA-2025-0004 covering three zero-day vulnerabilities in VMware products. All three were confirmed exploited in the wild before the advisory went public, and they were discovered by Microsoft’s Threat Intelligence Center.

Here’s the breakdown:

  • CVE-2025-22224 (CVSS 9.3, Critical): A TOCTOU (time-of-check-time-of-use) vulnerability in VMCI that leads to an out-of-bounds write. This gives attackers code execution as the VMX process.
  • CVE-2025-22225 (CVSS 8.2, Important): An arbitrary write vulnerability in ESXi that enables a sandbox escape from the VMX process to the hypervisor kernel.
  • CVE-2025-22226 (CVSS 7.1, Important): An out-of-bounds read in HGFS that leaks memory from the VMX process.

Chain all three together and you get a full VM-to-hypervisor escape. An attacker starting inside a guest VM can break out, seize control of the ESXi host, and then access every other VM on that host plus the management network.

These flaws affect ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. CISA added all three to the Known Exploited Vulnerabilities catalog the same day. By January 2026, Shadowserver Foundation reported over 30,000 internet-exposed ESXi instances still potentially vulnerable. And in February 2026, CISA confirmed that CVE-2025-22225 was being actively exploited in ransomware campaigns.

CVE-2024-37085: No Exploit Required

If the ESXicape trio represents sophisticated technical exploitation, CVE-2024-37085 is almost the opposite. It’s embarrassingly simple.

Disclosed by Microsoft in July 2024, this vulnerability exploits a default behavior in domain-joined ESXi hosts. Any Active Directory group named “ESX Admins” automatically receives full administrative privileges on the hypervisor. Not based on group SID. Based purely on the group name.

So an attacker with domain access just creates a group called “ESX Admins,” adds their compromised account, and gets full control over every domain-joined ESXi host. No software exploit needed. No buffer overflow. Just knowledge of a default setting that most organizations never changed.
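Because the ESXi check is by group name rather than SID, the thing to hunt for in Active Directory is any event that brings a group called "ESX Admins" into existence or changes its membership: creation, member addition, and, the case people forget, an existing group being renamed to that name. The script below is an added example (not from this post or from VMware/Microsoft) that runs those rules over a handful of constructed Windows Security events in the flattened shape a SIEM would normalise from Security.evtx. The event IDs are the standard ones (4727/4731/4754 group created, 4728/4732/4756 member added, 4781 account renamed); the field names follow the Security log, and the loose, case-folded matching is a deliberate hunting choice rather than a claim about how ESXi compares the name.

```python
"""Hunt Windows Security events for creation, rename, or membership changes
of an AD group named "ESX Admins", the name that domain-joined ESXi hosts
treat as full-admin by default (CVE-2024-37085).

The events in SAMPLE_EVENTS are constructed for this example; they carry
only the fields the rules need, named as in the Windows Security log."""
from dataclasses import dataclass

GROUP_CREATED = {4727, 4731, 4754}   # security-enabled global / local / universal group created
MEMBER_ADDED = {4728, 4732, 4756}    # member added to a security-enabled group
ACCOUNT_RENAMED = {4781}             # "The name of an account was changed" (covers group renames)
WATCHED_GROUP = "esx admins"         # compared after normalise()


def normalise(name):
    """Collapse whitespace and case-fold so 'ESX  Admins' still matches.
    Loose matching is a hunting choice: better a false positive than a miss."""
    return " ".join((name or "").split()).casefold()


@dataclass(frozen=True)
class Finding:
    event_id: int
    time: str
    actor: str
    summary: str


def hunt_esx_admins(events, watched=WATCHED_GROUP):
    """Return one Finding per event that creates, renames to, or adds a
    member to the watched group. `events` is an iterable of dicts."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        actor = ev.get("SubjectUserName", "?")
        when = ev.get("TimeCreated", "?")
        target = ev.get("TargetUserName")
        if eid in GROUP_CREATED and normalise(target) == watched:
            findings.append(Finding(eid, when, actor,
                                    f"group '{target}' created by {actor}"))
        elif eid in MEMBER_ADDED and normalise(target) == watched:
            findings.append(Finding(eid, when, actor,
                                    f"{ev.get('MemberName')} added to '{target}' by {actor}"))
        elif eid in ACCOUNT_RENAMED and normalise(ev.get("NewTargetUserName")) == watched:
            findings.append(Finding(eid, when, actor,
                                    f"'{ev.get('OldTargetUserName')}' renamed to "
                                    f"'{ev.get('NewTargetUserName')}' by {actor}"))
    return findings


# Constructed sample: one creation, one member add, one benign group, one
# rename into the watched name (with odd spacing), one benign member add.
SAMPLE_EVENTS = [
    {"EventID": 4727, "TimeCreated": "2026-02-10T02:58:11Z",
     "SubjectUserName": "jsmith", "TargetUserName": "ESX Admins"},
    {"EventID": 4728, "TimeCreated": "2026-02-10T02:58:40Z",
     "SubjectUserName": "jsmith", "TargetUserName": "ESX Admins",
     "MemberName": "CN=svc-backup,OU=Service Accounts,DC=corp,DC=example"},
    {"EventID": 4727, "TimeCreated": "2026-02-10T03:05:00Z",
     "SubjectUserName": "hr-admin", "TargetUserName": "Payroll Readers"},
    {"EventID": 4781, "TimeCreated": "2026-02-10T03:20:33Z",
     "SubjectUserName": "jsmith", "OldTargetUserName": "Temp Group",
     "NewTargetUserName": "esx  admins"},
    {"EventID": 4728, "TimeCreated": "2026-02-10T03:25:10Z",
     "SubjectUserName": "hr-admin", "TargetUserName": "Payroll Readers",
     "MemberName": "CN=alice,OU=Users,DC=corp,DC=example"},
]

if __name__ == "__main__":
    for f in hunt_esx_admins(SAMPLE_EVENTS):
        print(f"[{f.event_id}] {f.time} {f.summary}")
```

On the ESXi side, Broadcom's guidance for this CVE is to turn off the automatic mapping with the advanced setting `Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd` set to false (and, if you keep AD integration, to point `Config.HostAgent.plugins.hostsvc.esxAdminsGroup` at a group name that actually exists and is tightly controlled); the hunt above is what catches an attacker who tries the default name anyway.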

Multiple threat groups jumped on this, including Storm-0506, Storm-1175, Octo Tempest (Scattered Spider), and Manatee Tempest. It led directly to Akira and Black Basta ransomware deployments across numerous organizations.

I’ve seen this pattern in my own work. Organizations that meticulously patch their software sometimes overlook configuration-level weaknesses like this. It’s a good reminder that vulnerability management isn’t just about applying patches.

Real-World Attacks: How Bad Has It Gotten?

Chinese-Linked Zero-Day Toolkit (December 2025)

In December 2025, Huntress researchers detected one of the most sophisticated hypervisor intrusions publicly documented. Attackers deployed a modular exploit toolkit targeting VMware ESXi that supported over 150 different ESXi builds, from version 5.1 all the way through 8.0.

The initial access vector? A compromised SonicWall VPN appliance. From there, the attackers used a Domain Admin account to pivot laterally, eventually reaching domain controllers and ESXi hosts.

The toolkit itself was remarkable. It chained all three ESXicape CVEs for a complete VM escape. The orchestrator component was named MAESTRO, and the post-exploitation backdoor was called VSOCKpuppet, a 64-bit ELF binary that used virtual sockets on port 10000 for command execution and file transfer. Because VSOCK operates between guest VMs and the host at a virtual hardware level, the traffic is completely invisible to traditional network monitoring tools.

Code analysis revealed simplified Chinese strings and folder paths labeled with Chinese characters meaning “All version escape, delivery.” Timestamps in the binaries suggest development started as early as February 2024, more than a year before VMware publicly disclosed the vulnerabilities in March 2025.

The attack was stopped before ransomware was deployed, but the intent was clear.

Scattered Spider: Social Engineering Meets Hypervisor Destruction

Scattered Spider (also tracked as UNC3944 or Octo Tempest) represents a different kind of threat. Instead of sophisticated zero-day exploits, this group relies almost entirely on social engineering. They call IT help desks, impersonate employees, and talk their way into password resets. Once they have Active Directory access, they pivot to VMware vCenter, SSH into ESXi hosts, and deploy ransomware.

According to Google’s Threat Intelligence Group, entire attack chains from initial phone call to ransomware deployment were completed in hours.

Their most notorious hit was MGM Resorts in 2023, where they encrypted over 100 ESXi hypervisors. The estimated cost? $100 million in losses.

What makes Scattered Spider particularly dangerous is their flexibility. They work with multiple ransomware-as-a-service providers including Akira, ALPHV, RansomHub, and DragonForce. They also use the BYOVD (Bring Your Own Vulnerable Driver) technique, loading signed but malicious drivers like POORTRY to terminate security processes, and they’ve deployed the bedevil rootkit directly on ESXi hosts.

As Mandiant noted, even without exploiting any software vulnerabilities, the threat actor manages to obtain an unprecedented level of control over entire virtualized environments.

That’s the scary part. You can be fully patched and still get owned by a convincing phone call.

Akira: The Multi-Platform Hypervisor Specialist

Akira started out targeting Windows systems when it appeared in April 2023, but quickly pivoted to a Linux variant specifically built for VMware ESXi. Then in June 2025, they became the first major ransomware group observed targeting Nutanix Acropolis Hypervisor (AHV), expanding their reach well beyond VMware and Hyper-V.

Today, Akira maintains separate encryptors for Windows, Linux, VMware ESXi, and Nutanix AHV. Their ESXi variant accepts command-line parameters to control encryption behavior, letting operators skip certain file types or target specific VMs. It’s a disturbingly mature and professional operation.

Their favorite initial access method? Exploiting SonicWall VPN vulnerabilities, particularly CVE-2024-40766, or using compromised VPN credentials. Notable victims include Hitachi Vantara, which had to take servers offline after an Akira attack in April 2025.

Ghost VMs: The Invisible Persistence Technique

Late 2025 brought a genuinely creative attack technique. Threat actors began using Hyper-V to inject minimalist Alpine Linux kernels as hidden virtual machines on compromised hosts. These “Ghost VMs” run custom implants like CurlyShell while remaining completely invisible to the primary production environment.

Because the VMs use the Hyper-V Default Switch for NAT, their network traffic blends in with normal host communications. It’s a persistence technique that lives entirely within the hypervisor layer, making it extremely difficult to detect with conventional tools.

The Record-Breakers

A few other incidents deserve mention for sheer scale:

  • Storm-0506 / Black Basta hit a North American engineering firm in 2024 through a textbook multi-stage attack: Qakbot initial infection, Windows CLFS vulnerability for privilege escalation, Cobalt Strike and Pypykatz for credential theft, CVE-2024-37085 exploitation for ESXi control, and finally Black Basta deployment. Classic lateral movement where the hypervisor was always the endgame.
  • DarkAngels targeted ESXi environments using code derived from the leaked Babuk ransomware source. They reportedly set a record in 2024 with a $75 million ransom payment. Yes, you read that right. Seventy-five million dollars.

Who’s Behind These Attacks?

The threat actor landscape targeting hypervisors has gotten crowded. Here’s a quick snapshot of the major players:

  • Akira targets ESXi, Hyper-V, and Nutanix AHV using multi-platform encryptors and VPN exploitation. They’re arguably the most prolific hypervisor-focused ransomware group operating today.
  • Scattered Spider (UNC3944) goes after ESXi through vCenter, relying on social engineering rather than software exploits. No zero-days needed when you can just pick up the phone.
  • A Chinese-linked APT (unnamed) built a pre-disclosure zero-day exploit toolkit supporting ESXi versions all the way back to 5.1, using the MAESTRO orchestrator and VSOCKpuppet backdoor.
  • Black Basta targets ESXi through the CVE-2024-37085 AD privilege escalation path. Effective and low-effort once you have domain access.
  • RansomHouse developed a custom tool called MrAgent for automated VM encryption across ESXi environments.
  • Hunters International acquired Hive’s source code and infrastructure, continuing attacks against ESXi targets.
  • Curly COMrades focuses on Hyper-V, using the Ghost VM injection technique with Alpine Linux kernels.
  • DarkAngels uses Babuk-derived encryptors against ESXi and holds the dubious record for the largest known ransom payment at $75 million.

What You Should Do Right Now

Let me break this down into what needs to happen immediately versus what should be part of your longer-term strategy.

Immediate Actions

  • Patch VMSA-2025-0004. If you haven’t patched CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 across all your ESXi, Workstation, and Fusion deployments, stop reading and go do that. These are actively exploited in ransomware campaigns.
  • Audit the “ESX Admins” AD group. Check whether this group exists in your Active Directory. If it does, harden it or remove it. If it doesn’t, monitor for its creation. This is one of the easiest privilege escalation paths into ESXi environments.
  • Enforce MFA on all hypervisor management interfaces. This includes vCenter, ESXi host access, and any other management tools. If Scattered Spider has taught us anything, it’s that a single compromised password can cascade into total hypervisor compromise.
  • Use dedicated local ESXi accounts. Stop using domain admin accounts for hypervisor management. Create purpose-built local accounts with strong, unique passwords.
  • Enable lockdown mode and disable SSH on ESXi hosts in production. SSH should only be enabled temporarily for specific troubleshooting tasks.
  • Set VMkernel.Boot.execInstalledOnly = TRUE so only signed VIBs can execute. This helps prevent attackers from loading malicious drivers or kernel modules.

Strategic Measures

  • Network segmentation. Your hypervisor management plane should be on dedicated VLANs, completely isolated from user-accessible networks. If an attacker can reach vCenter from a workstation, you have a problem.
  • Forward ESXi logs to your SIEM. Set up alerts for root logins, service state changes, VIB acceptance level modifications, and datastore unmount operations. These are common pre-encryption indicators.
  • Implement immutable, air-gapped backups. Your backup repositories need to be isolated from both Active Directory and the hypervisor management plane. Follow the 3-2-1 backup rule with immutability. If your backups can be reached from the same AD domain as your hypervisors, you’re one credential away from losing everything.
  • Evaluate confidential computing for your most sensitive workloads. AMD SEV-SNP and Intel TDX are production-ready and available in major cloud platforms and VCF 9.0.
  • Train your help desk staff. Scattered Spider’s primary attack vector is social engineering. Your IT support team needs regular training on verifying caller identity and recognizing manipulation tactics.
  • Test hypervisor-specific incident response. Simulate a scenario where all VMs on a host are encrypted and you need to recover from immutable backups. If you’ve never tested this, you don’t have a recovery plan. You have a hope.
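To make the "forward ESXi logs to your SIEM" item concrete, here is an added example (not from this post, and not a VMware tool) of what the alert rules look like once the logs arrive: it flags the four pre-encryption indicators named above (root logins, SSH service state changes, VIB acceptance level changes, datastore unmounts) and adds a fifth for the mass VM shutdown described earlier in the post, since a burst of power-off events on one host is the clearest sign that an encryptor is about to run. The sample lines are constructed for this example and only approximate what hostd, sshd and shell.log really emit; the regexes are written against those samples and the thresholds (five power-offs in five minutes) are assumptions to tune for your environment.

```python
"""Prototype SIEM rules for ESXi syslog. Flags root logins, SSH service
state changes, VIB acceptance level changes, datastore unmounts, and a
burst of VM power-offs on one host.

SAMPLE_LOG is constructed for this example and only approximates the real
hostd / sshd / shell.log line formats; adjust RULES to what your hosts emit."""
import re
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    rule: str
    timestamp: datetime
    detail: str


# (rule name, regex matched against the message part of the line)
RULES = [
    ("root_login", re.compile(r"Accepted (?:password|publickey) for root from (\S+)")),
    ("root_login", re.compile(r"User root@(\S+) logged in")),
    ("ssh_service_change", re.compile(r"SSH access has been (enabled|disabled)")),
    ("acceptance_level_change", re.compile(r"esxcli software acceptance set --level (\S+)")),
    ("datastore_unmount", re.compile(r"esxcli storage filesystem unmount\b.*\s(\S+)$")),
    ("vm_poweroff", re.compile(r"Virtual machine (\S+) .* is powered off")),
]

# "<ISO timestamp>Z <host> <message>" prefix used by the constructed samples
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\s+(\S+)\s+(.*)$")


def parse_line(line):
    """Split a line into (timestamp, host, message); None if it does not fit."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"), m.group(2), m.group(3)


def scan(lines, poweroff_threshold=5, window=timedelta(minutes=5)):
    """Return alerts in log order. Single-event rules alert on every hit;
    VM power-offs are counted in a sliding window per host and alert once
    when the count reaches poweroff_threshold."""
    alerts = []
    recent_poweroffs = {}  # host -> deque of power-off timestamps in the window
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, msg = parsed
        for rule, rx in RULES:
            m = rx.search(msg)
            if not m:
                continue
            if rule == "vm_poweroff":
                dq = recent_poweroffs.setdefault(host, deque())
                dq.append(ts)
                while dq and ts - dq[0] > window:  # drop events outside the window
                    dq.popleft()
                if len(dq) == poweroff_threshold:
                    alerts.append(Alert("mass_vm_poweroff", ts,
                                        f"{host}: {len(dq)} VMs powered off within {window}"))
            else:
                alerts.append(Alert(rule, ts, f"{host}: {m.group(0)}"))
            break  # first matching rule wins for this line
    return alerts


# Constructed sample: the sequence the post describes, plus a benign vCenter login.
SAMPLE_LOG = """\
2026-02-10T03:14:07Z esx01 sshd[2099]: Accepted password for root from 10.20.30.40 port 51122 ssh2
2026-02-10T03:14:20Z esx01 Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 210 : SSH access has been enabled.
2026-02-10T03:15:02Z esx01 shell[2130]: [root]: esxcli software acceptance set --level CommunitySupported
2026-02-10T03:16:11Z esx01 Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 211 : Virtual machine dc01 on host esx01 is powered off
2026-02-10T03:16:12Z esx01 Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 212 : Virtual machine mail01 on host esx01 is powered off
2026-02-10T03:16:13Z esx01 Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 213 : Virtual machine sql01 on host esx01 is powered off
2026-02-10T03:16:14Z esx01 Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 214 : Virtual machine app01 on host esx01 is powered off
2026-02-10T03:16:15Z esx01 Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 215 : Virtual machine app02 on host esx01 is powered off
2026-02-10T03:17:40Z esx01 shell[2130]: [root]: esxcli storage filesystem unmount -l datastore1
2026-02-10T03:18:00Z esx01 Hostd: [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 216 : User vpxuser@10.0.0.5 logged in as VMware vim-java
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        print(f"{a.timestamp:%H:%M:%S} {a.rule:<24} {a.detail}")
```

The point of the per-host sliding window is that a single power-off is routine and a single alert would train your analysts to ignore it; five in five minutes on one host, right after a root login and an acceptance-level change, is the pattern worth paging on. The benign last line shows that a vCenter service login does not trip the root-login rule.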

The Bottom Line

We’ve been here before. Years ago, VPN appliances were proprietary boxes with limited EDR coverage and massive blast radius when compromised. The security industry eventually caught up, but only after significant damage was done.

Hypervisors are following the same trajectory. They sit in the same blind spot that VPN appliances once occupied: critical infrastructure, minimal security tooling coverage, and enormous impact when breached. The attackers have already figured this out. The 700% surge in targeting is proof.

The difference this time is that we have the benefit of hindsight. The patterns are recognizable. The defensive strategies are known. Patch aggressively, segment ruthlessly, back up immutably, and start treating your hypervisors with the same security rigor you apply to your most sensitive endpoints.

The organizations that act now will weather what’s coming. The ones that don’t will end up in the next wave of breach headlines.

Arnav Sharma, Microsoft MVP, MCT
Microsoft Certified Trainer · Cloud · Cybersecurity · AI

I help organisations secure their cloud infrastructure and stay ahead of evolving cyber threats. Microsoft MVP and Certified Trainer, author of Mastering Azure Security, and founder of arnav.au, a platform for practical Cloud, Cybersecurity, DevOps and AI content.
