Full Report
Huntress analysis suggests VM escape bugs were already weaponized in the wild

Chinese-linked cybercriminals were sitting on a working VMware ESXi hypervisor escape kit more than a year before the bugs it relied on were made public. …
Analysis Summary
# Threat Actor: Chinese-linked Cybercriminals (Unspecified Group)
## Attribution & Identity
* **Identification:** Cybercriminals linked to China.
* **Known Aliases and Associated Groups:** None explicitly named in the source, which notes only that China-linked attackers have previously been caught quietly abusing zero-days in enterprise software.
## Activity Summary
* **Recent Campaigns and Operations:** Researchers at Huntress observed an intrusion in December 2025 involving a "sophisticated" toolkit used to break out of virtual machines (**VM escape**) and target the VMware ESXi hypervisor itself.
* **Timeline:** Development of the toolkit appears to have started as early as February 2024, more than a year before the underlying ESXi vulnerabilities were publicly disclosed and patched (March 2025). The group was therefore weaponizing these flaws as zero-days long before any defender could patch them.
* **Initial Access:** The observed incident began with a compromised **SonicWall VPN appliance**, leading to the compromise of a Domain Admin account, network pivoting, and subsequent deployment of the hypervisor escape toolkit.
## Tactics, Techniques & Procedures
The actors deployed a bespoke toolkit designed for ESXi exploitation:
* **Initial Access/Infection Chain:** Compromise of a SonicWall VPN appliance.
* **Privilege Escalation:** Commandeering a Domain Admin account.
* **Lateral Movement:** Pivoting across the network.
* **VM Escape:** Exploiting the chained flaws CVE-2025-22224 (a TOCTOU race in the VMCI interface leading to a heap overflow), CVE-2025-22225 (an arbitrary write in the ESXi kernel) and CVE-2025-22226 (an out-of-bounds read in HGFS that leaks memory) to break out of a guest VM and execute code directly on the ESXi hypervisor. The chain needs administrative privileges inside a guest first, which is why the earlier Domain Admin compromise matters: it gives the actors privileged access inside guests from which to stage the exploit.
* **Post-Exploitation Persistence/Evasion:** Disabling VMware's own drivers and loading unsigned kernel modules into the hypervisor, i.e. code running below the guest operating systems and outside the view of any endpoint agent inside them.
* **Code Artifacts:** Binaries contained Simplified Chinese strings and folders labeled with Chinese text (e.g., "All version escape – delivery"), indicating development origin.
* **Scope:** The toolkit was designed to support a wide range of ESXi versions, spanning over 150 builds.
* **MITRE ATT&CK IDs:** Not given in the source. A candidate mapping of the behaviours described above (editor's mapping, not from the source): T1133 External Remote Services (the SonicWall VPN foothold), T1078.002 Valid Accounts: Domain Accounts (the Domain Admin account), T1068 Exploitation for Privilege Escalation (the guest-to-hypervisor escape), T1562.001 Impair Defenses: Disable or Modify Tools (disabling VMware drivers), T1547.006 Kernel Modules and Extensions (unsigned modules loaded on the hypervisor).
## Targeting
* **Sectors:** Enterprise environments utilizing VMware ESXi virtualization infrastructure.
* **Geography:** The association with China rests on Simplified Chinese strings and folder names in the code. Such artifacts are a weak attribution signal on their own, since strings are easy to plant or to inherit from shared tooling. The version coverage (150-plus ESXi builds) suggests global enterprise reach rather than a single region.
* **Victims:** Specific victim organizations are not named, but the techniques target environments running ESXi.
## Tools & Infrastructure
* **Malware Families Used:** A custom, "sophisticated" toolkit specifically designed for ESXi hypervisor escape.
* **Infrastructure:** The actors were observed "phoning home" in ways designed to evade detection, though specific C2 addresses are not detailed.
## Implications
* **Advanced Capability:** This indicates the threat group possesses significant technical skill, capable of developing complex zero-day exploitation kits specifically targeting hypervisors well ahead of public disclosure.
* **Common-Infrastructure Risk:** The chain runs through infrastructure nearly every enterprise operates (a perimeter VPN appliance, then the virtualization platform underneath its servers), which points to a goal of broad, deep access rather than any single application.
* **Stealth and Persistence:** The methods used (disabling drivers, loading unsigned modules into the hypervisor) suggest a campaign focused on long-term, low-noise persistence at a layer that guest endpoint agents cannot observe and that ESXi hosts themselves rarely instrument with EDR.
## Mitigations
* **Immediate Patching:** Urgent remediation for VMware ESXi hosts against CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 (Broadcom advisory VMSA-2025-0004), especially given that exploitation predated disclosure. Patching alone does not evict an actor already on the hypervisor: hosts that were exposed before the fix should also be checked for unsigned modules and modified drivers before they are trusted again.
* **Endpoint/Kernel Monitoring:** Enhanced monitoring for the loading of unsigned kernel modules and unusual activity involving VMware drivers on ESXi hosts. Practically: keep UEFI Secure Boot on so only signed VIBs can load, set the `execInstalledOnly` kernel option so binaries not installed from a VIB cannot execute, leave the image acceptance level at PartnerSupported or stricter, and forward ESXi syslog to the SIEM, since hypervisors themselves rarely run an EDR agent.
* **Network Segmentation:** Strict network segmentation to limit lateral movement, particularly restricting access to hypervisor management interfaces (ESXi HTTPS/SSH, vCenter) to a hardened administrative network, with SSH and the ESXi Shell disabled when not in use and lockdown mode enabled.
* **VPN Hardening:** Strict security controls and monitoring around perimeter devices like the SonicWall VPN appliance used for initial access: current firmware, MFA on VPN accounts, and credential tiering so that a Domain Admin account is never usable from a session that began on a perimeter device.
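For the monitoring item above, here is an added example that is not part of the Huntress write-up or of any VMware tooling: a POSIX sh audit script for an ESXi host that lists loaded vmkernel modules whose Signed Status is anything other than VMware Signed, and reports the Secure Boot and execInstalledOnly settings that should have prevented such a load. The esxcli commands and the secureBoot.py helper path are real, but the exact text layouts and values it parses (VMware Signed, certified, the column order) are assumptions mirrored in its constructed sample data, and the vmkernel, vmw_ahci, vmkusb and netdrv entries in that sample are invented; compare the parsers against real output from your build before relying on them. Partner-signed third-party drivers will also be listed, and are meant to be reviewed rather than treated as findings.

```shell
#!/bin/sh
# esxi_module_audit.sh
# Hunt for the persistence tradecraft described above on an ESXi host: loaded
# vmkernel modules that are not VMware-signed, plus the two host settings
# (UEFI Secure Boot, execInstalledOnly) that are meant to keep unsigned code
# out of the kernel. Added example for this page, not Huntress's tooling or
# VMware's. Assumed: the esxcli text layouts mirrored in the constructed
# SAMPLE_* strings below, and "VMware Signed" as the only acceptable
# "Signed Status" value (partner-signed drivers are listed for review).
# Written for ESXi's busybox ash, so POSIX sh only.

# Names of loaded modules from "esxcli system module list"
# (columns: Name, Is Loaded, Is Enabled; lines 1-2 are header and rule).
loaded_module_names() {
    awk 'NR > 2 && $2 == "true" { print $1 }'
}

# Reduce a stream of "esxcli system module get -m NAME" reports to one line
# per module: NAME SignedStatus VIBAcceptanceLevel (spaces in values -> "_").
summarize_modules() {
    awk -F': ' '
        function flush() {
            if (name != "") print name, (s != "" ? s : "unknown"), (a != "" ? a : "unknown")
        }
        /^ *Module:/               { flush(); name = $2; s = ""; a = "" }
        /^ *Signed Status:/        { s = $2; gsub(/ /, "_", s) }
        /^ *VIB Acceptance Level:/ { a = $2; gsub(/ /, "_", a) }
        END { flush() }
    '
}

# Print only the modules that fail policy; exit 1 if there were any.
find_unsigned() {
    awk '$2 != "VMware_Signed" { print; bad = 1 } END { exit bad ? 1 : 0 }'
}

# Runtime value of execInstalledOnly from
# "esxcli system settings kernel list -o execInstalledOnly"
# (columns: Name, Type, Configured, Runtime, Default, Description).
exec_installed_only() {
    awk '$1 == "execInstalledOnly" { print $4 }'
}

# Real run on a host: needs esxcli and the secureBoot.py helper.
main() {
    rc=0
    echo "Host:              $(vmware -v)"
    echo "Secure Boot:       $(/usr/lib/vmware/secureboot/bin/secureBoot.py -s)"
    echo "execInstalledOnly: $(esxcli system settings kernel list -o execInstalledOnly | exec_installed_only)"
    echo "Loaded modules that are not VMware-signed:"
    esxcli system module list | loaded_module_names |
        while read -r m; do esxcli system module get -m "$m"; done |
        summarize_modules | find_unsigned || rc=1
    [ "$rc" -eq 0 ] && echo "  (none)"
    return "$rc"
}

# Constructed sample output (not captured from a real host): two VMware-signed
# modules, one module that is not loaded, and one unsigned module dropped in /tmp.
SAMPLE_LIST='Name                 Is Loaded  Is Enabled
-------------------  ---------  ----------
vmkernel             true       true
vmw_ahci             true       true
vmkusb               false      true
netdrv               true       true'

SAMPLE_GET='   Module: vmkernel
   Module File: /usr/lib/vmware/vmkmod/vmkernel
   Containing VIB: esx-base
   VIB Acceptance Level: certified
   Signed Status: VMware Signed
   Module: vmw_ahci
   Module File: /usr/lib/vmware/vmkmod/vmw_ahci
   Containing VIB: vmw-ahci
   VIB Acceptance Level: certified
   Signed Status: VMware Signed
   Module: netdrv
   Module File: /tmp/netdrv
   Containing VIB: unknown
   VIB Acceptance Level: unknown
   Signed Status: Unsigned'

if command -v esxcli >/dev/null 2>&1; then
    main
else
    echo "esxcli not found; showing the parsers on the constructed sample instead:"
    printf '%s\n' "$SAMPLE_GET" | summarize_modules | find_unsigned || :
fi
```

Copy it to the host and run it over SSH or from the ESXi Shell; a non-zero exit means at least one loaded module was not VMware-signed. Run it before trusting a host that was exposed prior to patching, and again periodically afterwards, since an attacker who already holds the hypervisor is not removed by the update itself.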