Recent findings from cybersecurity firm ReliaQuest reveal that two distinct cybercrime groups, BianLian and RansomExx, are exploiting a security flaw in SAP NetWeaver. The investigation indicates that both groups have linked infrastructure indicative of their exploited tactics. BianLian's involvement is confirmed through IP address associations, while the RansomExx group has been identified through their use of a Trojans like PipeMagic, targeting vulnerabilities, including a privilege escalation bug in Windows. These developments suggest a growing trend of multiple actors leveraging the same critical vulnerabilities for cyber attacks.
"We identified a server at 184[.]174[.]96[.]74 hosting reverse proxy services initiated by the rs64.exe executable. This server is related to another IP..."
"Although the initial attempt failed, a subsequent attack involved the deployment of the Brute Ratel C2 framework using inline MSBuild task execution..."
Collection
[
|
...
]