Score:1

ESXiArgs Server attack


I have a very basic question. From what I have read, it seems these unpatched servers were directly attacked remotely through the internet via port 427. So unlike other ransomware attacks, the malware did not get into the network through phishing or from an employee accidentally downloading malicious files. Is this correct?

The attack vector most likely is via this open port. But it does not exclude any other attack vectors like phishing.
Score:3

Those servers were exposed to the internet. ESXi servers should never be exposed to the internet and should stay behind a firewall. Check for more information: https://www.bleepingcomputer.com/news/security/new-esxiargs-ransomware-version-prevents-vmware-esxi-recovery/

GreenAsGrass
Hi. Thanks very much for your reply. I have read several articles including this one. However, I have zero domain expertise, so some aspects are not clear. Also, I'm getting conflicting answers for this question. So is it correct to assume these attacks did not get in through email phishing or from an accidental download? The hackers directly attacked and got into the servers through a public-facing port on the server? It wasn't a case of the malware getting into the company's network through phishing and eventually finding this unpatched weakness? Thank you for sharing your expertise.