The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment.
« The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access, » MITRE