Source code from VMware's ESX software product was posted on the internet, the company has confirmed — and the hacker claiming responsibility says he retrieved the code from a Chinese military contractor. VMware stated in a blog post yesterday that it had confirmed a single file had been posted, but that it doesn't anticipate its users being in any increased danger as it already shares its code with industry partners. The code in question was from a version of the ESX product circa 2003 to 2004, but VMWare does anticipate that additional files could be released in the near future.
Kaspersky Labs, meanwhile, reports that it spoke with a hacker named Hardcore Charlie that is claiming responsibility for the leak. Charlie told Kaspersky that he was able to download 300MB of files, including internal company documents, from the China Electronics Import & Export Corporation (CEIEC) back in March, utilizing a number of compromised email accounts from Chinese email-hosting company Sina.com. According the hacker, he was assisted in his efforts by YumaTough. If that names sounds familiar, it's because it is one of the parties associated with the recent theft and posting of Symantec source code (Hardcore Charlie also claims to be an associate of LulzSec's Hector Monsegur). Of course, why CEIEC would have had the source code in the first place appears to be an unanswered question. If it's related to any sharing of source code with the Chinese government remains to be seen.