Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google

July 28, 2025 invoker category_news

Security Update News

Update Information

Title Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google
Update ID HACKREAD:88ACE7E4A2F32A1E3C655388DC645F31
Type hackread
Published 2025-07-28T18:35:30
Last Updated 2025-07-28T18:35:30

Security Impact

Severity NONE

AI Analysis

AI Description UNC3944 (0ktapus) uses social engineering to compromise Active Directory and exploits VMware vSphere for data theft and ransomware deployment. This attack highlights the risks of targeted enterprise attacks.
AI Severity Medium
AI Vendor Broadcom
AI Product VMware vSphere

Update Details

A new report from Google’s GTIG reveals how UNC3944 (0ktapus) uses social engineering to compromise Active Directory, then exploits VMware vSphere for data theft and direct ransomware deployment. Understand their tactics and learn vital mitigation steps.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.