Chinese hackers exploit SAP and SQL Server flaws in attacks on Asia and Brazil

By Admin | May 30, 2025


May 30, 2025Red LakshmananVulnerability / intelligence threats

The Chinese threat actor behind the recent exploitation of a critical security flaw in SAP NetWeaver has been linked to a broader set of attacks targeting organizations in Brazil, India and Southeast Asia since 2023.

“The threat actor is mainly oriented – noted in an analysis published this week. “The actor also takes advantage of various known vulnerabilities to exploit public-facing servers.”

Other known targets of the group include Indonesia, Malaysia, the Philippines, Thailand and Vietnam.

The cybersecurity company tracks the activity under the name Earth Lamia, indicating that the activity shares some degree of overlap with threat clusters documented by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks Unit 42 as CL-STA-0048.


Each of these attacks has targeted organizations spanning several sectors in South Asia, often using internet-exposed Microsoft SQL Server and other instances for reconnaissance, deploying post-exploitation tools such as Cobalt Strike and Supershell, and setting up proxy tunnels into the networks with Stowaway.

Also used are privilege escalation tools such as GodPotato and JuicyPotato; network scanning utilities such as Fscan and Kscan; and legitimate programs such as wevtutil.exe to clear the Application, System and Security event logs.
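A defender-side check for the log-clearing step mentioned above, as an added example that is not from the original article or the vendors' reports: it parses process-creation command lines and reports hosts where wevtutil.exe cleared the Application, System or Security logs. The event fields (host, ts, cmdline), the 300-second window and the sample events are assumptions constructed for illustration.

```python
import shlex
from ntpath import basename  # Windows path rules on any OS

# Channels the article names as cleared with wevtutil.exe
WATCHED = {"application", "system", "security"}
CLEAR_VERBS = {"cl", "clear-log"}  # wevtutil's clear-log command and its short form


def cleared_channel(cmdline):
    """Return the log name a `wevtutil cl|clear-log` command targets, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keeps backslashes intact
    except ValueError:                            # unbalanced quotes
        argv = cmdline.split()
    argv = [a.strip('"') for a in argv]
    if len(argv) < 3 or basename(argv[0]).lower() not in ("wevtutil", "wevtutil.exe"):
        return None
    if argv[1].lower() not in CLEAR_VERBS:
        return None
    # First token that is not an option such as /bu:<file> is the log name.
    return next((a for a in argv[2:] if not a.startswith("/")), None)


def triage(events, window=300):
    """Map host -> watched channels cleared within `window` s of its first clear."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        chan = (cleared_channel(ev["cmdline"]) or "").lower()
        if chan in WATCHED:
            first, chans = hits.setdefault(ev["host"], (ev["ts"], set()))
            if ev["ts"] - first <= window:
                chans.add(chan)
    return {host: sorted(chans) for host, (_, chans) in hits.items()}


# Constructed process-creation events (host, epoch seconds, command line)
SAMPLE = [
    {"host": "SQL01", "ts": 1000, "cmdline": r'"C:\Windows\System32\wevtutil.exe" cl Security'},
    {"host": "SQL01", "ts": 1004, "cmdline": r"wevtutil cl System"},
    {"host": "SQL01", "ts": 1007, "cmdline": r"WEVTUTIL.EXE clear-log Application /bu:C:\Temp\a.evtx"},
    {"host": "WEB02", "ts": 1100, "cmdline": r"wevtutil qe Security /c:5"},  # query only
    {"host": "WEB02", "ts": 1105, "cmdline": r"wevtutil el"},                # list logs
]

if __name__ == "__main__":
    for host, chans in triage(SAMPLE).items():
        print(f"{host}: cleared {', '.join(chans)}")
```

Command-line matching only sees clears issued through wevtutil.exe itself, so pair it with the events Windows records when a log is cleared (event ID 1102 for the Security log, 104 for other logs).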

Select intrusions aimed at Indian entities also attempted to deploy Mimic ransomware binaries to encrypt victim files, although the efforts were largely unsuccessful.

“While the actors were seen with the Mimic ransomware binaries in all observed incidents, the ransomware often did not execute successfully, and in several cases, the actors were seen attempting to remove the binaries after deployment,” Sophos said in an analysis in August 2024.

Then, at the beginning of this month, EclecticIQ disclosed that CL-STA-0048 was one of the many China-nexus cyber groups to exploit CVE-2025-31324, a critical unauthenticated vulnerability in SAP NetWeaver, to install infrastructure under its control.

In addition to the CVE-2025-31324, the hacking crew is said

Describing it as “highly active,” Trend Micro noted that the threat actor has shifted its attention from financial services to logistics and online retail, and more recently, to IT companies, universities and government organizations.


“In early 2024 and prior, we observed that most of their targets were financial organizations, in particular those related to securities and brokerage,” the company said. “In the second half of 2024, they shifted their targets to organizations mainly in the logistics and online retail industries. We recently noticed that their targets have shifted again to IT companies, universities and government organizations.”

A characteristic technique adopted by Earth Lamia is launching its custom backdoors, such as PULSEPACK, via DLL side-loading, an approach widely adopted by Chinese hacking groups. A modular .NET-based implant, PULSEPACK communicates with a remote server to retrieve different plugins that carry out its functions.

Trend Micro said it observed in March 2025 an updated version of the backdoor that changes the command-and-control (C2) communication method from TCP to WebSocket, which indicates active development of the malware.

“Earth Lamia conducts its operations across different countries and industries with aggressive intentions,” it said. “At the same time, the threat actor continuously refines its attack tactics, developing custom hacking tools and new backdoors.”
