ISSUE 02 | Chinese Long-Term Persistence
Security Conscience: Enterprise Cyber Weekly
Issue #02 • Week of Dec 8, 2025
Security Tip of the Week 🔐 Treat Hypervisors as Tier 0
Force all vCenter and ESXi administration through hardened privileged access workstations with phishing resistant MFA, and keep hypervisor management interfaces on isolated networks that are never reachable from user subnets or the internet.
End of Year Heating Up
As the calendar winds down and everyone else is thinking about travel plans and gift lists, our logs are telling a different story. Attackers are not coasting into the holidays. If anything, they are leaning in while defenders are distracted, staff is thin, and “we’ll get to it in January” becomes the default answer.
This week’s stories all point in the same direction: long lived access on hypervisors, brittle crisis frameworks, undersecured API plumbing, and even trusted extensions and consoles turning into liabilities. It is a useful reminder that the bad guys do not respect change freezes or holiday schedules.
If you are skimming this between year end meetings, treat it as a nudge to verify that your most critical controls, logging paths, and playbooks are actually ready for a December incident, not just a slide in a January roadmap.
Top Story
US Organizations Warned of Chinese Malware Used for Long-Term Persistence
TLDR
China linked APT Warp Panda is exploiting edge devices like Ivanti VPN and F5 BIG IP to gain initial access, then using custom VMware focused malware families BrickStorm, Junction, and GuestConduit to sit inside US legal, manufacturing, and technology organizations for a year or more without detection.
Once on VMware vCenter and ESXi, the group works through legitimate channels, using the built-in vpxuser account, SSH, SFTP, and covert tunnels to move laterally, exfiltrate data, clone domain controller VMs, and even pivot from compromised US networks to reconnoiter government targets in the Asia Pacific region.
CISA, NSA, and Canadian authorities have now issued joint guidance because BrickStorm is built specifically for long term, self healing persistence on critical virtualization infrastructure.
Why it matters to enterprises
This campaign is a reminder that the modern enterprise attack surface no longer ends at endpoints or even domain controllers; it stretches all the way down to the virtualization fabric. Warp Panda’s malware does not just compromise a server; it compromises the servers that run your servers. By embedding itself inside VMware vCenter and ESXi, the group gains the ability to quietly observe, manipulate, or clone entire environments without tripping traditional security controls, because guest-based EDR and guest OS logs never see activity that happens underneath the guest. That means data theft, lateral movement, and full domain compromise can occur invisibly, even to organizations with strong endpoint protection and SIEM coverage.
What makes this especially dangerous is the group’s patience. These intrusions are not quick smash and grab operations; they are designed for longevity and regeneration. BrickStorm can reinstall itself if removed, maintain tunnels across reboots, and live undetected for over a year. This is not persistence as a tactic; it is persistence as a strategy.
The broader picture is even more concerning. Warp Panda is chaining together vulnerabilities across Ivanti VPNs, F5 load balancers, and VMware hypervisors, then extending into Azure and Microsoft 365 once inside. It is a full spectrum campaign that traverses the same hybrid environments most enterprises rely on. What starts as a compromised VPN device can end as an attacker sitting inside your virtualization layer, quietly exploring your SaaS collaboration stack.
For defenders, the message is clear: the virtualization layer is no longer just infrastructure, it is a Tier 0 security domain. If your hypervisors are compromised, your identity systems, monitoring tools, and recovery plans may already be under observation. This campaign shows that protecting the hypervisor is now as important as protecting the domain controller.
What to do this week
Focus this week on finding, fixing, and instrumenting the exact surfaces Warp Panda is using.
Inventory and validate all VMware and edge devices in scope
- Enumerate all vCenter and ESXi instances, including lab, DR, and vendor hosted environments.
- Confirm patch status for the vCenter CVEs called out in the advisory and validate ESXi build levels against vendor guidance.
- Do the same for Ivanti Connect Secure and F5 BIG IP, checking for the Ivanti and F5 CVEs referenced in the reporting.
Hunt explicitly for BrickStorm, Junction, and GuestConduit activity
Pull the latest CISA and vendor IOCs and run targeted hunts across:
- VMware vCenter and ESXi logs
- Network telemetry around hypervisors and VPN appliances
Look for:
- Suspicious use of vpxuser
- Unexpected SSH or SFTP sessions between hypervisors
- Unusual VM creation or cloning patterns, especially involving domain controllers or security infrastructure
Treat virtualization like Tier 0 and tighten access accordingly
- Require phishing resistant MFA and privileged access workflows for all vCenter access.
- Move vCenter administration behind PAWs or hardened jump hosts.
- Monitor and rotate credentials for every account used for hypervisor management. Note that vpxuser is created and rotated by vCenter itself (controlled by the VirtualCenter.VimPasswordExpirationInDays advanced setting, 30 days by default), so do not reset it by hand on hosts; instead confirm that rotation is still occurring and alert on any vpxuser authentication that does not originate from your vCenter, including any vpxuser login over SSH.
Close the Azure loop
In Entra ID (formerly Azure AD) sign-in and audit logs, investigate:
- New or unexpected MFA registrations on privileged accounts
- Unusual Microsoft Graph API activity against OneDrive, SharePoint, or Exchange
Validate conditional access policies for admin roles and any identities bridging on prem or VMware hosted workloads into Microsoft 365 or Azure.
Harden and centralize logging for appliances and hypervisors
- Ensure vCenter, ESXi, Ivanti, and F5 logs are shipped to your SIEM with retention long enough to analyze multi month campaigns.
- Test that you can reconstruct administrative actions on vCenter, including VM creation, cloning, snapshotting, and deletion events.
Tabletop and document a hypervisor compromise playbook
Run a short tabletop covering:
- Detecting hypervisor level backdoors
- Safely rebuilding or re imaging vCenter and ESXi while preserving evidence
- Rotating credentials and secrets exposed through the virtualization layer
Document this as a formal runbook so teams are not improvising during a real incident.
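Tying together the hunt and credential-monitoring steps above, the following Python sketch is an added example, not code from the advisory, CISA, or the newsletter's source reporting. It runs three of the hunt rules over constructed telemetry: syslog-forwarded ESXi auth.log lines in the standard OpenSSH "Accepted <method> for <user> from <ip>" shape, and a flattened list of vCenter events keyed by the real vSphere event type names VmClonedEvent and VmCreatedEvent. The management IPs, account names, VM names, and the Tier 0 name pattern are assumptions; the event dictionaries are a stand-in for the actual vCenter event objects, so their field names would need mapping to your SIEM's schema.

```python
"""Hunt for hypervisor tradecraft over constructed ESXi and vCenter telemetry.

Input A: syslog-forwarded ESXi /var/log/auth.log lines (OpenSSH sshd format).
Input B: a flattened stand-in for vCenter events (real VmClonedEvent objects carry a
sourceVm attribute; the flat dict shape used here is an assumption for the example).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed inventory: management IPs of the ESXi hosts in scope (assumption).
HYPERVISOR_IPS = {"10.10.0.11", "10.10.0.12", "10.10.0.13"}

# Names that mark Tier 0 workloads; the pattern is an assumption for this example.
SENSITIVE_VM_RE = re.compile(r"(?i)\b(dc|domaincontroller|adfs|pki|siem|vault)\d*\b")

# OpenSSH "Accepted" line as forwarded from a host:
# <ts> <host> sshd[pid]: Accepted <method> for <user> from <ip> port <n> ssh2
SSH_ACCEPT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def hunt_ssh(auth_lines, hypervisor_ips=HYPERVISOR_IPS):
    """Flag vpxuser over SSH and hypervisor-to-hypervisor SSH sessions."""
    findings = []
    for line in auth_lines:
        m = SSH_ACCEPT_RE.match(line)
        if not m:
            continue
        user, src, host = m["user"], m["src"], m["host"]
        # vpxuser is the account vCenter creates on each host for its own vpxd->hostd
        # connection over HTTPS; it has no legitimate reason to appear in an SSH login.
        if user == "vpxuser":
            findings.append(Finding("vpxuser_ssh", f"vpxuser SSH login to {host} from {src}"))
        # Hosts do not need to SSH into each other; an ESXi source IP means lateral movement.
        if src in hypervisor_ips:
            findings.append(Finding("host_to_host_ssh", f"SSH to {host} from hypervisor {src} as {user}"))
    return findings


def hunt_vcenter(events, clone_threshold=3):
    """Flag copies of Tier 0 VMs and bursts of cloning by a single account."""
    findings = []
    clones_per_user = Counter()
    for ev in events:
        if ev["type"] not in {"VmClonedEvent", "VmCreatedEvent"}:
            continue
        # For a clone the name that matters is the source (e.g. a domain controller), not the copy.
        name = ev.get("sourceVm", ev["vm"])
        if SENSITIVE_VM_RE.search(name):
            findings.append(Finding("sensitive_vm_copy", f"{ev['user']} {ev['type']} {name} -> {ev['vm']}"))
        if ev["type"] == "VmClonedEvent":
            clones_per_user[ev["user"]] += 1
    for user, n in clones_per_user.items():
        if n >= clone_threshold:
            findings.append(Finding("clone_burst", f"{user} cloned {n} VMs in the window"))
    return findings


# Constructed sample telemetry, not captured from any real environment.
SAMPLE_AUTH_LOG = [
    "2025-12-03T02:14:07Z esx01 sshd[2101234]: Accepted keyboard-interactive/pam for root from 10.20.5.40 port 51234 ssh2",
    "2025-12-03T02:15:11Z esx02 sshd[2101301]: Accepted publickey for vpxuser from 10.10.0.11 port 44120 ssh2",
    "2025-12-03T02:16:02Z esx03 sshd[2101377]: Accepted keyboard-interactive/pam for root from 10.10.0.12 port 44180 ssh2",
]
SAMPLE_VC_EVENTS = [
    {"type": "VmClonedEvent", "user": "VSPHERE.LOCAL\\svc-backup", "sourceVm": "corp-dc01", "vm": "corp-dc01-copy"},
    {"type": "VmClonedEvent", "user": "VSPHERE.LOCAL\\svc-backup", "sourceVm": "corp-dc02", "vm": "tmp-01"},
    {"type": "VmClonedEvent", "user": "VSPHERE.LOCAL\\svc-backup", "sourceVm": "app-web01", "vm": "tmp-02"},
    {"type": "VmCreatedEvent", "user": "CORP\\jdoe", "vm": "dev-web07"},
    {"type": "VmPoweredOnEvent", "user": "CORP\\jdoe", "vm": "dev-web07"},
]


def run_hunt():
    """Run both hunts over the constructed samples and return every finding."""
    return hunt_ssh(SAMPLE_AUTH_LOG) + hunt_vcenter(SAMPLE_VC_EVENTS)


if __name__ == "__main__":
    for f in run_hunt():
        print(f"[{f.rule}] {f.detail}")
```

The sample deliberately includes a root login from an admin subnet that is not flagged: the point of the rules is to catch accounts and source addresses that should never appear in an SSH login at all, not to alert on every administrative session. Against real data, feed hunt_ssh the raw forwarded lines and build the event list from your SIEM's vCenter event export, adjusting the Tier 0 pattern and the clone threshold to your estate.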
Big Stories
CISOs are rethinking what a real crisis framework looks like
https://www.helpnetsecurity.com/2025/12/03/binalyze-crisis-management-framework-report/
What happened
Binalyze’s latest report shows that most enterprises still struggle to move from “breach detected” to “crisis managed.” Even though nearly all CISOs assume a successful attack will happen, teams wait an average of 8.6 hours before they fully engage forensics, a delay they estimate adds over 1 million dollars in impact per incident. The study also found that fewer than half of CISOs can answer basic scoping questions during an active crisis, largely because they only have visibility into about 57 percent of their IT environment. On top of that, investigation teams are thin, typically around 18 skilled responders, leaving many incidents staffed by less experienced personnel.
Why it matters
The report reinforces that many crisis frameworks look solid on paper but collapse under real pressure. If an organization cannot quickly determine whether an attacker still has access, what systems were touched, or what data moved, then no amount of preventive tooling compensates for that blind spot. Limited visibility and understaffed investigation teams turn every breach into a guessing game, driving financial and operational risk far higher. The takeaway is that crisis management needs to be treated as a designed capability, with visibility, collection, and investigation workflows built into the architecture rather than handled ad hoc.
MCP servers are becoming a new choke point in API protection
https://www.helpnetsecurity.com/2025/12/03/salt-security-mcp-servers-threat-protection/
What happened
Salt Security’s new research highlights that Model Context Protocol (MCP) servers, the components that expose tools and data to AI agents, are emerging as a high value target in API driven architectures. Attackers are focusing on MCP servers because they broker requests from AI applications into internal APIs, data stores, and external integrations, yet they are rarely instrumented with the same depth of authentication, authorization, or anomaly detection as modern API gateways. Salt found that many MCP deployments expose internal APIs, reuse tokens across channels, or lack strict schema enforcement, giving attackers a path to pivot from a single compromised API call into broader lateral movement across the application layer.
Why it matters
Enterprises have spent years hardening API gateways and edge surfaces, but MCP servers represent the connective tissue inside these environments, and they are frequently under secured. If an attacker can manipulate or replay API calls against an MCP, they can often bypass downstream controls and access sensitive functions that were never meant to be externally reachable. This turns API posture into an architectural problem rather than a perimeter one, and it means internal API brokering layers need the same level of scrutiny, telemetry, and threat modeling as external gateways.
Quick Hits
- UPenn Oracle EBS data theft – Attackers exploited the Oracle EBS vulnerability to steal personal data tied to students, alumni, and donors. It is a reminder that ERP systems hold concentrated sensitive data and require the same monitoring and patch discipline as front line applications. https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-theft-after-oracle-ebs-hack/
- Malicious Chrome and Edge extensions – Popular browser extensions were quietly turned into tracking tools and backdoors through malicious updates. Enterprises should treat extensions like software supply chain risk and enforce strict allowlists and monitoring. https://www.securityweek.com/chrome-edge-extensions-caught-tracking-users-creating-backdoors/
- Defender XDR portal outage – A Defender portal outage temporarily broke hunting and alert access for customers. SOC teams need fallback workflows for investigations when their primary security console becomes unavailable. https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-portal-outage-blocks-access-to-security-alerts/
What Now?
This week reminds me that our real control surface is not just our firewalls and EDR, but the platforms we quietly treat as “given” in our designs. A compromised hypervisor, a noisy but under secured MCP server, or an old ERP stack can undermine every edge control, while something as mundane as a browser extension or portal outage can blind the SOC at the exact moment you need clarity.
Use these stories to pressure test where your investigation actually starts, what evidence you can reliably reach in the first hour, and how you operate if a trusted platform turns hostile or simply goes dark. Architect for the loss of a Tier 0 system or primary console as a design assumption, not an exception, and make sure your crisis framework, logging paths, and playbooks are practiced enough that you do not have to invent them in the middle of the next incident.
