Bleepingcomputer
Chinese-Speaking Threat Actors Exploit VMware ESXi via Compromised SonicWall VPN
First seen 8 Jan 2026, 23:52 UTC
•
•80% similarity
•24.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
In December 2025, Chinese-speaking threat actors exploited vulnerabilities in VMware ESXi using a toolkit delivered through a compromised SonicWall VPN appliance. The toolkit included exploits for three zero-day vulnerabilities disclosed in March 2025, with evidence suggesting initial access was gained through the VPN. The toolkit's development paths contained simplified Chinese strings, indicating the actors' linguistic background.
ThreatCluster AI