VMware Security Compromised?

Hi All.

I hope that this has been posted in the correct forum section. I would like
to find out if anyone else is seeing the same thing within their own
environment.

On Thursday 22nd Feb 2018 we noticed extremely high CPU usage within one of our VMware
clusters, which consists of 3 physical hosts. After further investigation we
noticed the same in our other clusters.

When signing into the cluster we could not account for the high utilization.
Each individual virtual server's usage did not account for the high utilization;
something else was causing this.

We then signed into each host directly and what we found was rather
disturbing: a virtual server on that host that our team did not provision or
have any idea about. When we connected to this virtual server we noted an Ubuntu OS,
and this virtual server had 16GB RAM and 32 vCPUs assigned to it. The CPUs were
peaking at 100%. After further investigation, each host within our
organization had 1 unknown virtual server on it. All these virtual servers had
16GB RAM and 32 vCPUs running at 100%. These virtual servers were somehow
hidden from the main cluster. These servers all had the word LAB in their names.

Has anyone else picked this up?

Sorry, forgot to mention that we're running VMware ESXi 6.0.

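A reconciliation check for the situation described in the post, as an added example that is not part of the original post: it parses `vim-cmd vmsvc/getallvms` output collected from each ESXi host and reports VMs that the vCenter inventory does not list. The host names, VM names, datastore paths and inventory set below are constructed sample data, and the function names are hypothetical.

```python
import re

# One data row of `vim-cmd vmsvc/getallvms`: Vmid, Name, File, Guest OS, Version.
# The name may contain spaces, so it is matched lazily up to the "[datastore]" path.
ROW = re.compile(
    r"^(?P<vmid>\d+)\s+(?P<name>.+?)\s+(?P<vmx>\[[^\]]+\] .+?\.vmx)\s+"
    r"(?P<guest>\S+)\s+(?P<hw>vmx-\d+)"
)

def parse_getallvms(text):
    """Return one dict per VM registered on the host; header lines are skipped."""
    vms = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            vms.append(m.groupdict())
    return vms

def unmanaged_vms(host_listings, vcenter_inventory):
    """Return (host, name, vmx) for VMs a host has registered that vCenter lacks.

    host_listings: {host: raw getallvms text gathered directly from that host}
    vcenter_inventory: set of (host, vmx path) exported from vCenter
    Matching is done on the .vmx path because display names can collide.
    """
    findings = []
    for host, text in sorted(host_listings.items()):
        for vm in parse_getallvms(text):
            if (host, vm["vmx"]) not in vcenter_inventory:
                findings.append((host, vm["name"], vm["vmx"]))
    return findings

# Constructed sample data (not taken from the post).
HEADER = "Vmid   Name   File   Guest OS   Version   Annotation\n"
SAMPLE_HOSTS = {
    "esx01.example.test": HEADER
    + "1   SQL Server 01   [datastore1] sql01/sql01.vmx   windows9Server64Guest   vmx-11\n"
    + "7   LAB-01   [datastore1] LAB-01/LAB-01.vmx   ubuntu64Guest   vmx-11\n",
    "esx02.example.test": HEADER
    + "3   web01   [datastore2] web01/web01.vmx   ubuntu64Guest   vmx-11\n"
    + "9   LAB-02   [datastore2] LAB-02/LAB-02.vmx   ubuntu64Guest   vmx-11\n",
}
SAMPLE_VCENTER = {
    ("esx01.example.test", "[datastore1] sql01/sql01.vmx"),
    ("esx02.example.test", "[datastore2] web01/web01.vmx"),
}

if __name__ == "__main__":
    for host, name, vmx in unmanaged_vms(SAMPLE_HOSTS, SAMPLE_VCENTER):
        print(f"{host}: '{name}' ({vmx}) is registered on the host but not in vCenter")
```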