Shadowbunny article published in the PenTest Magazine

The Shadowbunny technique uses virtual machines (VMs, software that emulates a complete computer within another computer) during lateral movement (spreading from one compromised system to others) to hide attackers' presence and avoid security detection tools. Real-world attackers, including those behind Ragnar Locker Ransomware (malicious software that encrypts files for extortion), have already employed this method, making it important for security professionals to understand how to detect it.