In the third part of our series “Advent of Configuration Extraction”, we dissect #SNOWLIGHT, a lightweight ELF downloader designed to retrieve and execute a remote payload on #Linux systems.

https://buff.ly/Crz8rDh

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | Google Cloud Blog

Widespread exploitation of the React2Shell vulnerability (CVE-2025-55182) by multiple threat actors, including China and cyber criminals.

Google Cloud Blog
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer.

Attacks on Linux with Snowlight and VShell

The Chinese hacker group UNC5174/Uteus/Uetus is currently attacking Linux systems with malware. The Snowlight malware and the VShell tool are being used.

Security-Insider
"Infrastructure risks have also been prominent, w/vulnerabilities in ASUS routers & critical ICS devices from Schneider Electric & Yokogawa exposing sectors like #energy & manufacturing to..." digitalfrontierpartners.com.au/news/latest-... RU #APT29 Android #NFC China #UNC5221 #SNOWLIGHT #TONESHELL

Latest Sophisticated Attacks a...