A recently attributed China-linked threat actor has been exploiting critical security flaws in SAP NetWeaver to attack organizations across Brazil, India, and Southeast Asia. Operating under the name Earth Lamia, the actor primarily exploits SQL injection vulnerabilities in web applications and has targeted diverse sectors. Recent attempts have involved deploying post-exploitation tools and staging ransomware, though their success has been limited. The activity reflects a broader strategy of targeting internet-exposed systems and employing various tools for intrusion and data manipulation.
"The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend Micro security researcher Joseph C Chen said in an analysis published this week.
"While the actors were seen staging the Mimic ransomware binaries in all observed incidents, the ransomware often did not successfully execute, and in several instances, the actors were seen attempting to delete the binaries after being deployed."