Chinese-speaking threat actors are suspected of having used a compromised SonicWall VPN appliance as the initial foothold into VMware ESXi environments, then deploying a multi-stage exploit toolkit that cybersecurity firm Huntress observed in December 2025. The attack chain, which may have originated as early as February 2024, relies on three VMware vulnerabilities that Broadcom disclosed as zero-days in March 2025: CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. Chained together, they let an attacker who already holds administrative privileges inside a guest VM leak memory from the Virtual Machine Executable (VMX) process and then execute code on the hypervisor itself, opening the door to ransomware deployment or full hypervisor compromise. CISA added all three to its Known Exploited Vulnerabilities catalog after evidence of active exploitation emerged.
Huntress analysts Anna Pham and Matt Anderson noted that the toolkit's development paths contain simplified Chinese strings, including a folder named “全版本逃逸–交付” (“All version escape – delivery”), suggesting it was built well before public disclosure. The chain is sophisticated: it combines a memory leak, a sandbox escape, and a VM-to-host communication exploit. Key components include an orchestrator executable known as MAESTRO, a kernel driver MyDriver.sys loaded with the Kernel Driver Utility (KDU), and supporting binaries such as devcon.exe used to manage VMware guest drivers. The exploit fingerprints the ESXi host version, triggers the vulnerabilities, and injects several payloads into VMX memory: shellcode that prepares the environment and establishes a foothold, followed by a 64-bit ELF backdoor called VSOCKpuppet that provides persistent remote access over VSOCK port 10000.
The toolkit also includes a client plugin, GetShell, which runs from any Windows guest VM and lets the operator interact with the compromised ESXi host: it can upload and download files, execute shell commands, and relay results back from VSOCKpuppet. Because VSOCK is a hypervisor-mediated socket family between guest and host rather than an IP protocol, this traffic never crosses a virtual switch, so network-based monitoring does not see it. PDB paths observed by Huntress suggest development as early as November 2023, pointing to long-term planning and substantial resource investment. Although the toolkit ships with README files and operational instructions, researchers indicate it has been distributed selectively to vetted buyers through private channels rather than on public underground markets.
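The guest-side components named above (an unsigned kernel driver loaded through KDU, and devcon.exe driving VMware guest devices) leave a footprint in ordinary Windows endpoint telemetry even though the VSOCK channel itself does not. As an added example (not Huntress's code and not part of the toolkit), the Python script below hunts for that footprint in Sysmon-style driver-load and process-creation events: it flags a driver loaded unsigned, from a user-writable directory, or under the reported filename MyDriver.sys, flags devcon.exe invocations that mention VMware, and raises confidence when both occur on the same host within a short window. The event records, the 15-minute window, and the "vmware" command-line match are constructed assumptions for illustration.

```python
"""Hunt for the guest-side footprint of a KDU-loaded driver plus devcon.exe use.

Added example; the events below are constructed, not Huntress telemetry.
Field names loosely follow Sysmon EID 6 (DriverLoad) and EID 1 (ProcessCreate).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    host: str
    time: datetime
    kind: str            # "driver_load" (Sysmon EID 6) or "process_create" (Sysmon EID 1)
    image: str           # driver path (EID 6 ImageLoaded) or process path (EID 1 Image)
    signed: bool = True  # EID 6 Signed field
    cmdline: str = ""    # EID 1 CommandLine

# Directories from which a kernel driver should never be loaded (assumption).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")
# Pairing window between driver load and devcon.exe activity (assumption).
WINDOW = timedelta(minutes=15)

def is_suspicious_driver_load(ev: Event) -> bool:
    """Unsigned driver, driver from a user-writable path, or the reported filename."""
    if ev.kind != "driver_load":
        return False
    path = ev.image.lower()
    return (not ev.signed
            or any(d in path for d in USER_WRITABLE)
            or path.rsplit("\\", 1)[-1] == "mydriver.sys")  # filename named in the report

def is_vmware_devcon(ev: Event) -> bool:
    """devcon.exe touching VMware guest devices (cmdline match is an assumption)."""
    if ev.kind != "process_create":
        return False
    return (ev.image.lower().rsplit("\\", 1)[-1] == "devcon.exe"
            and "vmware" in ev.cmdline.lower())

def hunt(events):
    """Return {host: (confidence, [events])}; confidence is "high" when a
    suspicious driver load and a VMware devcon.exe run fall within WINDOW,
    "low" when only one indicator is present. Clean hosts are omitted."""
    verdicts = {}
    for host in {e.host for e in events}:
        evs = [e for e in events if e.host == host]
        drivers = [e for e in evs if is_suspicious_driver_load(e)]
        devcons = [e for e in evs if is_vmware_devcon(e)]
        pairs = [(d, c) for d in drivers for c in devcons if abs(c.time - d.time) <= WINDOW]
        if pairs:
            hits = {e for pair in pairs for e in pair}
            verdicts[host] = ("high", sorted(hits, key=lambda e: e.time))
        elif drivers or devcons:
            verdicts[host] = ("low", sorted(drivers + devcons, key=lambda e: e.time))
    return verdicts

# Constructed sample telemetry: guest-a shows the full pattern, guest-b is a
# normal VMware Tools driver load, guest-c is a lone devcon.exe run.
T = datetime(2025, 12, 3, 9, 0)
SAMPLE = [
    Event("guest-a", T, "driver_load", "C:\\Users\\Public\\MyDriver.sys", signed=False),
    Event("guest-a", T + timedelta(minutes=4), "process_create",
          "C:\\Users\\Public\\devcon.exe", cmdline='devcon.exe disable "VMware*"'),
    Event("guest-b", T, "driver_load", "C:\\Windows\\System32\\drivers\\vmci.sys", signed=True),
    Event("guest-c", T + timedelta(hours=2), "process_create",
          "C:\\Tools\\devcon.exe", cmdline="devcon.exe status *vmware*"),
]

if __name__ == "__main__":
    for host, (confidence, hits) in sorted(hunt(SAMPLE).items()):
        print(f"{host}: {confidence}")
        for e in hits:
            print(f"  {e.time:%H:%M} {e.kind:15} {e.image} {e.cmdline}")
```

A lone devcon.exe run against VMware devices is something an administrator might legitimately do, which is why it only rates "low" on its own; the pairing with an unsigned driver load from a user-writable path is what should page someone.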
Huntress stressed that the attack shows how VM isolation can be breached and hypervisor control obtained from inside a guest VM, a worst-case scenario for administrators. Using VSOCK as the command channel sidesteps standard network detection without giving up operational control, a design choice that prioritizes stealth. There is no public attribution, but the combination of early zero-day exploitation, the effort invested in the toolkit, and the simplified Chinese strings strongly suggests a well-resourced actor operating in a Chinese-speaking region. The targeted nature of the deployments is consistent with the selective, private distribution of high-end offensive tooling, whose operators prioritize evading detection and limiting exposure.