April 25, Help Net Security – (International) VMvare confirms server hypervisor source code leak. VMware confirmed a file from the VMware ESX server hypervisor source code was leaked by a hacker that goes by the handle “Hardcore Charlie.” The posted code and associated commentary dates to the 2003 to 2004 timeframe, said the director of VMware’s Security Response Center. He added there is a possibility more files may be posted in the future, as the hacker claimed to have in his possession around 300 MB of VMWare source code. He said the fact the source code may have been publicly shared does not necessarily mean there is any increased risk to VMware customers. The leaked file was part of a batch of documents released by the hacker. The provenience of the leaked code has not been confirmed, but it appears to originate from the servers of the China Electronics Import & Export Corporation, which recently suffered a breach, allegedly at the hands of Hardcore Charlie. According to Threatpost, the hacker boasted of breaching many big firms in the Asia-Pacific region, and said he possesses more than a terabyte of data stolen from their servers. He also claims he and his associates still have access to the networks of some of these firms. Some documents were already leaked online, and among them are shipping documents of U.S. military transports in Afghanistan.
Ali Loney, on April 25, 2012