From Helpdesk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 - 14 de agosto de 2025 - TecnoWebinars.com

A sophisticated threat actor, UNC3944 (also tracked as Scattered Spider and 0ktapus), is executing highly effective attacks against corporate networks, culminating in ransomware deployment directly from the VMware hypervisor. Their campaign bypasses traditional security tools by avoiding malware in the initial stages and exploiting a critical visibility gap: the inability of Endpoint Detection and Response (EDR) to monitor the vSphere control plane. The attack begins with clever social engineering of an IT helpdesk to gain an initial foothold in Active Directory. From there, the actor "lives off the land," using legitimate administrative tools to pivot from AD to the vCenter Server. By gaining control of the virtual infrastructure, they can perform offline data exfiltration, sabotage backups, and encrypt entire datastores from the ESXi hosts, rendering in-guest security agents powerless. This webinar provides a deep dive into the five distinct phases of UNC3944's proven playbook. We will dissect their tactics, techniques, and procedures (TTPs) and present a fortified, three-pillar defense strategy focused on proactive hardening, architectural integrity, and advanced detection. Join us to learn how to protect your most critical infrastructure from this immediate and growing threat.