China-Linked Hackers Exploit VMware ESXi Zero-Days: How to Protect Your Virtual Machines (2026)

Huntress has reported that a China-linked threat actor has been exploiting zero-day vulnerabilities in VMware ESXi, the hypervisor beneath a large share of enterprise virtual machines. The detail that stands out: the exploit toolkit appears to have been built more than a year before the vulnerabilities were publicly disclosed in March 2025.

The intrusion began with a compromised SonicWall VPN appliance, which gave the actor initial access. From there they deployed a VMware ESXi exploit toolkit whose artifacts suggest development as early as February 2024. Huntress detected and stopped the attack before the chain could run to completion.

The attack chained three VMware vulnerabilities fixed in Broadcom's March 2025 advisory (VMSA-2025-0004), listed here with their CVSS scores: CVE-2025-22224 (9.3, a time-of-check/time-of-use heap overflow in the VMCI interface), CVE-2025-22225 (8.2, an arbitrary write in ESXi), and CVE-2025-22226 (7.1, an information disclosure in HGFS). An attacker who already holds administrative privileges inside a guest VM can use them to leak memory from and execute code in the host-side VMX process, and then break out of that process's sandbox onto the hypervisor itself. The guest-admin precondition matters: it is the normal situation for any tenant or compromised server, so these bugs turn a single owned VM into a path to every VM on the host.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added all three CVEs to its Known Exploited Vulnerabilities (KEV) catalog at disclosure, citing evidence of active exploitation.
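The first practical question for a defender is whether a given host carries the fixes. Below is an added example (mine, not code from Huntress or VMware) that parses the first line of `vmware -vl` output from an ESXi host and compares the build number against the minimum fixed build for that release line. The build numbers in `FIXED_BUILDS` are my recollection of the advisory's fixed builds and are flagged as values to confirm against Broadcom's advisory before use; the sample outputs are constructed, not from real hosts.

```python
import re
from typing import Optional, Tuple

# Minimum fixed ESXi builds for VMSA-2025-0004, keyed by the three-part
# version string that `vmware -vl` prints. ASSUMPTION: these are the build
# numbers as I recall them from the advisory; confirm them against Broadcom's
# advisory before relying on this check, and add any later fixed lines.
FIXED_BUILDS = {
    "8.0.3": 24585383,  # ESXi 8.0 Update 3d
    "8.0.2": 24585300,  # ESXi 8.0 Update 2d
    "7.0.3": 24585291,  # ESXi 7.0 Update 3s
}

VERSION_RE = re.compile(r"VMware ESXi (\d+\.\d+\.\d+) build-(\d+)")


def parse_vmware_vl(output: str) -> Optional[Tuple[str, int]]:
    """Extract (version, build) from `vmware -vl` output, or None if absent."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return m.group(1), int(m.group(2))


def patch_status(output: str) -> str:
    """Classify one host's `vmware -vl` output as patched / vulnerable / unknown."""
    parsed = parse_vmware_vl(output)
    if parsed is None:
        return "unknown"  # not an ESXi version string we recognise
    version, build = parsed
    fixed = FIXED_BUILDS.get(version)
    if fixed is None:
        # A release line with no listed fix (e.g. 8.0.0, 8.0.1, 7.0.2) cannot
        # be patched for these CVEs; fail closed rather than silently passing.
        return "vulnerable"
    return "patched" if build >= fixed else "vulnerable"


# Constructed sample outputs for a stand-alone run (not real hosts).
SAMPLES = {
    "esx-a": "VMware ESXi 8.0.3 build-24585383\nVMware ESXi 8.0 Update 3d\n",
    "esx-b": "VMware ESXi 8.0.3 build-24022510\nVMware ESXi 8.0 Update 3\n",
    "esx-c": "VMware ESXi 7.0.3 build-24585291\nVMware ESXi 7.0 Update 3s\n",
    "esx-d": "VMware ESXi 8.0.1 build-21495797\nVMware ESXi 8.0 Update 1\n",
    "esx-e": "sh: vmware: command not found\n",
}


def audit(samples=SAMPLES) -> dict:
    """Map each host name to its patch status."""
    return {host: patch_status(out) for host, out in samples.items()}


if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host}: {status}")
```

In practice you would feed `audit()` the text collected with something like `ssh root@<host> vmware -vl` across your fleet. Note that the check deliberately reports "vulnerable" for release lines with no fixed build, since an end-of-life 8.0.1 host is exposed just as surely as an unpatched 8.0.3 one.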

Huntress researchers Anna Pham and Matt Anderson analyzed the toolkit. It contains simplified Chinese strings, including a folder named 'All version escape - delivery', and its development path, together with evidence that it was built as a zero-day exploit, points to a well-resourced developer operating in a Chinese-speaking region.

The toolkit's components orchestrate a full virtual machine escape. The main component, 'exploit.exe' (which Huntress calls MAESTRO), carries embedded helper binaries: 'devcon.exe', Microsoft's command-line device console, which it uses to disable the guest's VMware VMCI driver, and 'MyDriver.sys', an unsigned kernel driver that it loads into kernel memory with an open-source loader, since Windows will not load an unsigned driver through the normal service path.

The driver does the exploitation. It identifies the ESXi version, then triggers CVE-2025-22226 (the information leak) and CVE-2025-22224 (the memory corruption) to write three payloads into the memory of VMX, the per-VM process on the host that runs the virtual machine. These payloads prepare the environment, establish a foothold, and provide persistent remote access to the ESXi host.

The final stage, corresponding to CVE-2025-22225, overwrites a function pointer inside VMX so that execution jumps to the attacker's shellcode instead of legitimate code. This is the step that lets the attacker 'escape the sandbox', in VMware's own description of the flaw, and move from the VMX process to the hypervisor.

For operator access, the actor uses 'client.exe' (aka GetShell Plugin) to talk to the backdoor; it can be run from any Windows guest VM on the compromised host. Dropped as a ZIP archive with usage instructions, the plugin provides file transfer and command execution on the hypervisor.

Huntress has not tied the toolkit to a named group. The attribution to a well-resourced developer in a Chinese-speaking region rests on the language artifacts and the toolkit's sophistication, not on infrastructure or victimology overlap.

Huntress sums it up: "This intrusion showcases a sophisticated, multi-stage attack designed to break virtual machine isolation and compromise the ESXi hypervisor. By chaining information leak, memory corruption, and sandbox escape, the threat actor achieved full control of the hypervisor from within a guest VM."

The backdoor communicates over VSOCK (VMCI sockets), a host-to-guest channel that never touches the virtual network stack. Network IDS, NetFlow and perimeter firewalls therefore see nothing of the command-and-control between guest and hypervisor; detection has to come from inside the guest (driver loads, devcon activity) or from the host itself.
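Since the VSOCK channel is invisible to network sensors, the observable part of this chain is what happens inside the guest before the escape: a devcon.exe invocation disabling the VMCI device, an unsigned kernel driver entering kernel memory, and the toolkit's own filenames. The following is an added example (mine, not Huntress's detection logic) that runs those three rules over constructed Sysmon-style events (event ID 1 = process creation, event ID 6 = driver load) and scores the host. The VMCI PCI hardware ID (`VEN_15AD&DEV_0740`) is an assumption to verify against your own images, and the command lines in the sample are constructed, not recovered from the intrusion.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed Sysmon-style events (not from the Huntress report): benign
# activity mixed with the guest-side steps described in the article.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1", "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs", "Signed": "true"},
    {"EventID": "1", "Image": r"C:\Users\Public\tools\devcon.exe",
     "CommandLine": r'devcon.exe disable "PCI\VEN_15AD&DEV_0740"', "Signed": "true"},
    {"EventID": "6", "ImageLoaded": r"C:\Users\Public\tools\MyDriver.sys",
     "Signed": "false", "Signature": ""},
    {"EventID": "6", "ImageLoaded": r"C:\Windows\System32\drivers\vmci.sys",
     "Signed": "true", "Signature": "VMware, Inc."},
    {"EventID": "1", "Image": r"C:\Users\Public\tools\exploit.exe",
     "CommandLine": "exploit.exe", "Signed": "false"},
    {"EventID": "1", "Image": r"C:\Users\alice\Desktop\client.exe",
     "CommandLine": "client.exe", "Signed": "false"},
]

# Filenames the toolkit uses, per the Huntress write-up. A name alone is a
# weak indicator (devcon.exe ships with the WDK), so behaviour scores higher.
TOOLKIT_NAMES = {"exploit.exe", "client.exe", "mydriver.sys"}

# Substrings identifying the VMware VMCI device on a devcon command line.
# ASSUMPTION: PCI vendor 0x15AD / device 0x0740 is the VMCI device; verify.
VMCI_PATTERN = re.compile(r"vmci|VEN_15AD&DEV_0740", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    score: int
    event: Dict[str, str] = field(default_factory=dict)


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: List[Dict[str, str]]) -> List[Finding]:
    """Apply the three guest-side rules and return every hit."""
    findings: List[Finding] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == "1":
            name = basename(ev.get("Image", ""))
            cmd = ev.get("CommandLine", "")
            # Step 1 of the chain: devcon.exe disabling the VMCI device.
            if (name == "devcon.exe" and re.search(r"\bdisable\b", cmd, re.I)
                    and VMCI_PATTERN.search(cmd)):
                findings.append(Finding("devcon_disable_vmci", 80, ev))
            if name in TOOLKIT_NAMES:
                findings.append(Finding("known_toolkit_filename", 40, ev))
        elif eid == "6":
            # Step 2: an unsigned kernel driver entering kernel memory.
            if ev.get("Signed", "").lower() == "false":
                findings.append(Finding("unsigned_driver_load", 90, ev))
            if basename(ev.get("ImageLoaded", "")) in TOOLKIT_NAMES:
                findings.append(Finding("known_toolkit_filename", 40, ev))
    return findings


def risk_score(findings: List[Finding]) -> int:
    """Sum each distinct rule once, so a chain of steps outranks one weak hit."""
    return sum({f.rule: f.score for f in findings}.values())


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for f in hits:
        where = f.event.get("Image") or f.event.get("ImageLoaded")
        print(f"{f.rule:24} score={f.score:3}  {where}")
    print("host risk score:", risk_score(hits))
```

Two caveats. First, a loader that manually maps a driver into kernel memory does not produce a load event for the mapped image; what you will see instead is the loader's own helper driver, so alert on any driver load from a user-writable path rather than only on `Signed=false`. Second, because none of the backdoor's traffic crosses the network, this logic must run from guest-side telemetry (Sysmon, EDR) or from the host, not from a network sensor.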

What should organizations take from this? First, patch: the entire chain depends on three bugs that Broadcom has fixed, so bring every ESXi host to the fixed builds in the advisory. Second, treat local administrator inside any guest as a potential path to the hypervisor: restrict it, and alert on unsigned or manually mapped kernel drivers and on devcon.exe disabling VMware devices. Third, because VSOCK traffic never reaches the network, add guest- and host-side telemetry rather than relying on perimeter monitoring to catch hypervisor compromise.

Author: Tyson Zemlak