How Scattered Spider Hijacks ESXi CyberBrief Project podcast

6d ago 8:39

Content provided by Meni Tasa. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Meni Tasa or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

"Send me a quick text"

In this episode, we explore a creative and highly effective ransomware technique used by Scattered Spider, one that doesn't rely on malware or exploits, but on deep knowledge of virtual infrastructure.

The Disk-Swap attack on ESXi allows attackers to extract Active Directory and deploy ransomware by misusing trusted VMware features. It's quiet, fast, and completely sidesteps traditional detection tools.

We'll walk through how the attack works, why it bypasses so many defenses, and what defenders need to rethink in their architecture to close this gap.

If you've ever assumed your hypervisors were out of reach—this episode is for you.

This technique is also in my YouTube channel: CyberBrief Project

Support the show

Thanks for spending a few minutes on the CyberBrief Project.

If you want to dive deeper or catch up on past episodes, head over to cyberbriefproject.buzzsprout.com.

You can also find the podcast on YouTube at youtube.com/@CyberBriefProject — I’d love to see you there.

And if you find these episodes valuable and want to support the project, you can do that here: buzzsprout.com/support

Your support means a lot.

See you in the next one, and thank you for listening.

8 episodes