Threat actors exploit ESXi systems as C2 tunnels, leveraging SSH for stealthy persistence, Sygnia reports.