(TLP:CLEAR) Public Safety ISAO Vulnerability Advisory – Exploitation of ESXi Vulnerabilities Disrupted Emergency Services

WaterISAC is sharing this for broader awareness of the threat against out-of-date VMware ESXi servers, on the impact such incidents can have on mission critical resources, and most importantly how this incident enabled adversaries to access and encrypt a broadband radio network.

The Public Safety ISAO is sharing this vulnerability advisory due to attacks that exploited unpatched ESXi vulnerabilities in public safety networks leading to compromises of a radio network, computer-aided dispatch system, and a large portion of a municipal network. Three attacks in close succession, including the Akira ransomware syndicate, bring these vulnerabilities to the forefront. Members are encouraged to review the attached advisory. Likewise, utilities using out-of-date VMware ESXi servers are encouraged to update vulnerable systems accordingly.

Recommended mitigations from the Public Safety ISAO include:

• Protect internet-facing services
• Patch known exploited flaws, prioritizing ESXi
• Establish regular data backups

Additional Resources:

• Security Advisories | VMware
• Known Exploited Vulnerabilities Catalog | CISA
• Akira, again: The ransomware that keeps on taking | SOPHOS