Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
2 résultats taggé NetWeaver  ✕
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures
14/05/2025 20:46:30
QRCode
archive.org
thumbnail

EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly exposed directory (opendir) found on attacker-controlled infrastructure, which contained detailed event logs capturing operations across multiple compromised systems.

EclecticIQ analysts link observed SAP NetWeaver intrusions to Chinese cyber-espionage units including UNC5221 [2], UNC5174 [3], and CL-STA-0048 [4] based on threat actor tradecrafts patterns. Mandiant and Palo Alto researchers assess that these groups connect to China's Ministry of State Security (MSS) or affiliated private entities. These actors operate strategically to compromise critical infrastructures, exfiltrate sensitive data, and maintain persistent access across high-value networks worldwide.

Uncategorized China-Nexus Threat Actor Scanning the Internet for CVE-2025-31324 and Upload Webshells

EclecticIQ analysts assess with high confidence that, a very likely China-nexus threat actor is conducting a widespread internet scanning and exploitation campaign against SAP NetWeaver systems. Threat actor–controlled server hosted at IP address 15.204.56[.]106 exposed the scope of the SAP NetWeaver intrusions [5].

eclecticiq.com EN 2025 exploitation China-Nexus China attribution CVE-2025-31324 SAP NetWeaver
ReliaQuest Uncovers Potential New Vulnerability in SAP NetWeaver https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/
25/04/2025 09:44:42
QRCode
archive.org
thumbnail

ReliaQuest has observed SAP NetWeaver incidents with unauthorized file uploads and malicious execution, hinting at a possible unreported vulnerability.

reliaquest EN 2025 SAP NetWeaver incidents unreported vulnerability
4835 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn