Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data

Source: Cyber Security News

In mid-2025, a Chinese state-sponsored group known as BRONZE BUTLER targeted organizations using Motex LANSCOPE Endpoint Manager through a newly discovered zero-day vulnerability, CVE-2025-61932. This vulnerability allows remote adversaries to execute arbitrary commands with SYSTEM privileges. The campaign follows a similar one against SKYSEA Client View in 2016 and marks a significant threat to asset management software.

On October 22, 2025, JPCERT/CC made the CVE public, prompting immediate global concern. Sophos researchers found that attackers exploited this vulnerability for initial access and then moved laterally within affected networks. The U.S. Cybersecurity and Infrastructure Security Agency added the CVE to its Known Exploited Vulnerabilities Catalog, recognizing active exploitation. Multiple malware families were identified, showcasing a meticulous attack chain aimed at exfiltrating sensitive data and maintaining persistent access.
