VMware confirms its systems were breached in recent SolarWinds attacks but denies further exploitation attempts. The company said that the hackers did not make any efforts to further exploiting their access after deploying the backdoor now tracked as Sunburst or Solarigate. The vulnerability tracked as CVE 2020-4006 was publicly disclosed in November and addressed during early December. The National Security Agency issued an advisory three days later, after the security flaw was addressed, saying that Russian nation-state hackers have been exploiting the vulnerability to gain access to protected systems.
Source: https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/