"In an updated advisory produced with the FBI and European law enforcement partners, it said Akira has expanded its capabilities and is now targeting Nutanix AHV virtual machines, an evolution from its previous attacks against VMware ESXi and Hyper-V. The agencies spotted attacks against Nutanix hypervisors in June, but did not specify the affected organizations, and added that the data informing the advisory is as recent as November 2025."
"Nutanix's hypervisors are among the market leaders and are typically used in sectors such as healthcare, finance, and government. While Akira is typically known for targeting small and medium businesses, its members have also laid claim to attacks on larger organizations. The advisory stated that the group has previously displayed "a notable preference for organizations in the manufacturing, educational institutions, information technology, healthcare and public health, financial services, and food and agriculture sectors.""
CISA, the FBI, and European law enforcement partners report that the Akira ransomware operation has expanded to target Nutanix AHV virtual machines, evolving from previous VMware ESXi and Hyper-V attacks. Attacks against Nutanix hypervisors were observed in June, with intelligence as recent as November 2025. Critical national infrastructure organizations face heightened risk as Akira seeks to increase criminal revenues, estimated at $244.17 million. Nutanix hypervisors power sectors including healthcare, finance, and government. Akira affiliates gain initial access via VPN product vulnerabilities, notably CVE-2024-40766 impacting misconfigured SonicWall SSL-VPNs, and over 438,000 such devices were exposed.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]