A suspected Chinese hacking group used open-source rootkits to maintain persistence on compromised edge devices such as VMware ESXi servers for espionage campaigns, Google Mandiant said.
The hacking group, which Mandiant tracks as UNC3886, is assessed to be a Chinese threat group operating on behalf of Beijing. The threat intelligence firm has previously observed UNC3886 compromising firewall and virtualization appliances that lack endpoint detection support.