Threat-hunting teams are warning that the financially motivated group UNC4, also tracked as 0ktapus, Octo Tempest, and Scattered Spider, has transitioned from credential-harvesting campaigns to a full-blown assault on virtualization stacks.
Google’s Threat Intelligence Group states that the actors are now “living off the land” within VMware vSphere, exfiltrating Active Directory...