0 Replies Latest reply on Feb 26, 2018 9:05 AM by cve_ZA

    VMware Security Compromised?

    cve_ZA Lurker

      Hi All.

       

      I hope that this has been posted in the correct forum section. I would like
      to find out if anyone else is seeing the same thing within your own
      environments.

      On Thursday 22nd Feb 2018 we noticed extremely high CPU usage within our 1 VMware
      cluster, which consists of 3 physical hosts. After further investigation we
      noticed the same in our other clusters.

      When signing into the cluster we could not account for the high utilization.
      Each individual virtual server's usage did not account for the high utilization;
      something else was causing this.

      We then signed into each host directly and what we found was rather
      disturbing: a virtual server on that host that our team did not provision or
      have any idea about. When we connected to this virtual server we noted Ubuntu OS,
      and this virtual server had 16GB RAM and 32 vCPUs assigned to it. The CPUs were
      peaking at 100%. After further investigation, each host within our
      organization had 1 unknown virtual server on it. All these virtual servers had
      16GB RAM and 32 vCPUs running at 100%. These virtual servers were somehow
      hidden from the main cluster. These servers all had the word LAB in their names.

      Has anyone else picked this up?

       

      Sorry, forgot to mention that we're running VMware ESXi 6.0.