VMware ESX source code 'leaked online'

A hacker, who this month accessed a Beijing-based electronics import and export corporation, has released code fragments of VMware's ESX virtualisation software.
Written by Zack Whittaker, Contributor

VMware has warned its users after fragments of its ESX virtualisation software source code appeared online.

The leak stems from an attack by a hacker calling himself "Hardcore Charlie", and claims to have 300MB of VMware's source code and vast amounts of internal data from other companies.

Documents appeared on image-sharing site Imgur and code sharing site Pastebin, often used by hackers to leak contents of network breaches.

Iain Mulholland, director of VMware's Security Response Center, said despite the code leak, it "does not necessarily mean that there is any increased risk to VMware customers," and takes the matter of security seriously. The company said it is engaging with "internal and external resources".

Kaspersky's Threatpost said that the hacker claims to have hacked China's National Electronics Import and Export Corp. (CEIEC) in March, which led to other information being leaked. Samples of VMware's code have already been released, with promises of more CEIEC data in May, after the hacker claimed he was investigating U.S. military activities.

CEIEC denied the claims calling them "totally groundless, highly subjective and defamatory."

The hack appears to be of a similar nature to how Symantec's legacy anti-virus source code was leaked after an Indian intelligence service network was hacked, though VMware did not respond to questions at the time of publication.

Over half of datacenters run virtualisation, making virtual infrastructures a prime target for attacks, one analyst said.


Editorial standards