Development of VMware ESXi-targeted shinysp1d3r RaaS underway

Hacking operation ShinyHunters is currently developing the new shinysp1d3r ransomware-as-a-service platform to target VMware ESXi environments, GBHackers News reports.

Infiltrating VMware ESXi hypervisors would provide significantly expanded ransomware coverage for ShinyHunters, which is likely creating the RaaS platform to attract new affiliates, according to an EclecticIQ analysis.

Aside from actively developing shinysp1d3r, ShinyHunters has also adopted artificial intelligence-driven voice phishing intrusions exploiting various VoIP services and AI platforms Bland and VAPI. Such techniques have allowed ShinyHunters to exfiltrate at least 47.5 GB of data from attacks against airline and retail organizations, which were then pressured to pay ransoms through samples leaked via LimeWire.

Organizations have been urged to counter ShinyHunters' increasingly sophisticated attack techniques by implementing stringent access controls, SSO-integrated app monitoring, and least privilege principles, as well as comprehensive employee training, which should integrate AI-powered vishing and other insider threat scenarios.