PrivacyDigestMay 11, 2025

Chinese #Hackers #Exploit SAP #RCE Flaw CVE-2025-31324, Deploy Golang-Based #SuperShell

CVE-2025-31324 refers to a critical #SAP #NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint
#security

https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

The Hacker News
Censys C2 BotNov 13, 2023

New Supershell IoC: 121.5.195.89:8888

Reference: https://search.censys.io/hosts/121.5.195.89

#Supershell #C2

Censys C2 BotNov 13, 2023

New Supershell IoC: 43.163.240.112:8888 Reference: https://search.censys.io/hosts/43.163.240.112

#Supershell #C2

Censys C2 BotNov 13, 2023

New Supershell IoC: 103.143.28.35:8888 Reference: https://search.censys.io/hosts/103.143.28.35

#Supershell #C2

Censys C2 BotNov 13, 2023

New Supershell IoC: 154.92.18.45:8888 Reference: https://search.censys.io/hosts/154.92.18.45

#Supershell #C2

Censys C2 BotNov 13, 2023

New Supershell IoC: 103.143.28.37:8888 Reference: https://search.censys.io/hosts/103.143.28.37

#Supershell #C2

Censys C2 BotNov 13, 2023

New Supershell IoC: 103.143.28.36:8888 Reference: https://search.censys.io/hosts/103.143.28.36

#Supershell #C2