A sophisticated intrusion campaign targeting VMware ESXi environments has been uncovered, in which Chinese-speaking threat actors exploited a chain of VMware vulnerabilities, first disclosed as zero-days in March 2025, to escape from a guest virtual machine and gain control of the underlying hypervisor.
Cybersecurity researchers at Huntress detected the activity in December 2025 and stopped the intrusion before it could reach its final stage. Analysts believe the operation could have been used to deploy ransomware or maintain long-term access to enterprise infrastructure.
The attackers initially gained access by compromising a SonicWall VPN appliance. After establishing a foothold, they deployed a custom exploit toolkit designed specifically to target VMware ESXi systems at the hypervisor level.

According to Huntress, the attack chain abused three VMware vulnerabilities that were disclosed as zero-days by Broadcom in March 2025 and later added to the U.S. Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. Chained together, these flaws allow an attacker who already holds administrative privileges inside a guest virtual machine to leak hypervisor memory, corrupt the host-side process that runs the VM, and ultimately execute code on the ESXi host itself. Hosts that have not been patched since that March 2025 advisory remain exposed to exactly this chain.
What makes this incident particularly concerning is the level of preparation behind the toolkit. Researchers found Simplified Chinese strings in development paths and file structures, along with technical evidence suggesting the exploit was being developed many months before the vulnerabilities became public. This indicates the work of a highly skilled and well-resourced threat actor operating in a Chinese-speaking region.
The toolkit used in the intrusion was composed of multiple components that worked together to break VMware's guest-to-host isolation. Running inside the compromised guest, the primary executable coordinated the attack, disabled certain virtual machine drivers, and loaded an unsigned kernel driver to trigger the exploit. Through a combination of memory corruption and sandbox escape techniques, the attackers injected malicious code into the VMX process, the host-side process that runs each virtual machine and emulates its hardware, and from there reached the ESXi host itself.

Once they had code execution on the host, the attackers deployed a backdoor that communicated over VSOCK, the virtual socket family designed for traffic between guest virtual machines and the hypervisor. VSOCK endpoints are addressed by a context ID and port rather than by IP address, and the traffic never passes through a virtual NIC or the host's IP stack, so network sensors, flow records and host firewalls do not see it and conventional security monitoring tools struggle to detect it. This allowed the attackers to remotely execute commands, transfer files, and maintain covert access to the compromised ESXi host.
Security analysts described the attack as a textbook example of a modern virtual machine escape. By chaining multiple vulnerabilities together, the threat actor bypassed one of the most fundamental security boundaries in enterprise infrastructure. With hypervisor-level access, an attacker can potentially monitor all virtual machines, steal sensitive data, disrupt operations, or prepare the environment for ransomware deployment.
Although the identity of the group behind the operation has not been officially confirmed, the technical sophistication, use of zero-day vulnerabilities, and development artifacts strongly suggest a highly organized and well-funded actor.
This incident serves as a warning for organizations that rely on virtualization for isolation and security. A virtual machine should no longer be treated as an absolute security boundary. Enterprises running VMware ESXi are strongly advised to apply all relevant security patches (including the fixes Broadcom shipped in March 2025), to treat administrative access inside a guest as a step toward the host and restrict it accordingly, to monitor guests for unsigned driver loads and hosts for unexpected processes and VSOCK activity, and to review patch levels and access controls on remote access systems such as VPN appliances.
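One practical hunt for the VSOCK channel described above, and one concrete form of the "monitor for abnormal hypervisor behavior" advice: an added example, not Huntress's tooling and not VMware's code, that enumerates vsock sockets on a Linux guest from `ss --vsock` output and flags listeners and established sessions held by processes outside an allowlist. The sample `ss` output and the process names in it are constructed for the example, the allowlist is an assumption rather than a VMware-published list, and the column layout follows `ss` as the author knows it, so check it against your iproute2 version. The reserved context IDs (0 hypervisor, 1 local, 2 host) and the `/dev/vsock` ioctl are from `linux/vm_sockets.h`. Note that on the ESXi side `esxcli network ip connection list` covers only TCP and UDP and will not show VSOCK sessions at all.

```python
"""Hunt for vsock (AF_VSOCK) sockets on a Linux guest.

Added example for this article; not part of the Huntress report.
Parses `ss --vsock -a -p -n` output and flags sockets owned by processes
that are not expected to use the guest/host channel.
"""
from __future__ import annotations

import fcntl
import os
import re
import struct
import subprocess
from dataclasses import dataclass
from typing import Optional

# Reserved context IDs (CIDs) from linux/vm_sockets.h.
VMADDR_CID_HYPERVISOR = 0
VMADDR_CID_LOCAL = 1
VMADDR_CID_HOST = 2
CID_NAMES = {VMADDR_CID_HYPERVISOR: "hypervisor", VMADDR_CID_LOCAL: "local", VMADDR_CID_HOST: "host"}

# ioctl on /dev/vsock that returns this guest's own CID: _IO(7, 0xb9).
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7B9

# Processes expected to hold vsock sockets on a VMware guest. ASSUMPTION for
# this example; build your own baseline from clean hosts.
ALLOWED_PROCESSES = {"vmtoolsd"}

# Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port [users:(("proc",pid=N,fd=M))]
LINE_RE = re.compile(
    r"^(?P<netid>v_\w+)\s+(?P<state>\S+)\s+\d+\s+\d+\s+"
    r"(?P<lcid>\S+):(?P<lport>\S+)\s+(?P<pcid>\S+):(?P<pport>\S+)"
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)

# CONSTRUCTED sample in the shape `ss --vsock -a -p -n` prints; the CIDs, ports
# and the "updater" process are invented for illustration.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
v_str ESTAB  0      0              3:49152           2:976     users:(("vmtoolsd",pid=812,fd=9))
v_str LISTEN 0      0              *:4444            *:*       users:(("updater",pid=4242,fd=3))
v_str ESTAB  0      0              3:4444            2:38710   users:(("updater",pid=4242,fd=5))
v_dgr UNCONN 0      0              *:5000            *:*
"""


@dataclass
class VsockConn:
    netid: str
    state: str
    local: str
    peer_cid: Optional[int]  # None when the peer is unbound ("*")
    peer_port: str
    process: Optional[str]   # None when ss printed no owner (needs root for other users' sockets)
    pid: Optional[int]


def _cid(token: str) -> Optional[int]:
    return int(token) if token.isdigit() else None


def parse_ss_vsock(text: str) -> list[VsockConn]:
    """Turn ss output into records; header and unrelated lines are skipped."""
    conns = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        conns.append(VsockConn(
            netid=m["netid"], state=m["state"],
            local=f"{m['lcid']}:{m['lport']}",
            peer_cid=_cid(m["pcid"]), peer_port=m["pport"],
            process=m["proc"], pid=int(m["pid"]) if m["pid"] else None,
        ))
    return conns


def suspicious(conns: list[VsockConn], allowed=ALLOWED_PROCESSES) -> list[tuple[VsockConn, str]]:
    """Flag listeners and live sessions not owned by an allowlisted process."""
    findings = []
    for c in conns:
        if c.process in allowed:
            continue
        if c.state == "LISTEN":
            findings.append((c, "unexpected vsock listener"))
        elif c.state == "ESTAB":
            peer = CID_NAMES.get(c.peer_cid, f"cid {c.peer_cid}")
            findings.append((c, f"unexpected vsock session with {peer}"))
    return findings


def local_cid() -> Optional[int]:
    """Return this guest's CID via /dev/vsock, or None when vsock is absent."""
    try:
        fd = os.open("/dev/vsock", os.O_RDONLY)
    except OSError:
        return None
    try:
        buf = fcntl.ioctl(fd, IOCTL_VM_SOCKETS_GET_LOCAL_CID, struct.pack("I", 0))
        return struct.unpack("I", buf)[0]
    except OSError:
        return None
    finally:
        os.close(fd)


def collect_live() -> str:
    """Run ss on the live system; empty string when ss is unavailable."""
    try:
        return subprocess.run(["ss", "--vsock", "-a", "-p", "-n"],
                              capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    text = collect_live() or SAMPLE_SS_OUTPUT
    print(f"guest CID: {local_cid()}")
    for conn, why in suspicious(parse_ss_vsock(text)):
        print(f"{why}: {conn.process} (pid {conn.pid}) {conn.state} {conn.local} -> {conn.peer_cid}:{conn.peer_port}")
```

Run it as root so `ss -p` can attribute every socket to its owner; without root the process column is empty for other users' sockets and those entries will be flagged as unowned. Against the constructed sample the script reports two findings for the `updater` process: a listener on port 4444 and an established session with the host (CID 2). A guest that is not a VM, or a kernel without the vsock module, returns `None` from `local_cid()` and no sockets from `ss`.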
