What's missing in the article is explanation of how attackers get into those ESXi machines to begin with -- 0-day? old unpatched bugs? Stolen credentials?<p>IMHO, this is the really interesting part, and something one would really like to know as it directly affects how one should protect their servers.