The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment.
“The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access,” MITRE
Source:: The Hackers News