https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-ssh-tunnels-for-stealthy-vmware-esxi-access/

Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected.

VMware ESXi appliances have a critical role in virtualized environments as they can run on a single physical server multiple virtual machines of an organization.