CyberSecurity news

info@thehackernews.com (The Hacker News)@The Hacker News - 17d
The cybercrime group XE Group has shifted its tactics from credit card skimming to exploiting zero-day vulnerabilities, with a recent focus on VeraCore software. The campaign deploys reverse shells and web shells to maintain persistent remote access to compromised systems, targeting supply chains in the manufacturing and distribution sectors. The group has been active since at least 2010, and this change marks a significant shift in its operational priorities towards targeted information theft.

The vulnerabilities exploited include CVE-2024-57968, an unrestricted file upload flaw, and CVE-2025-25181, an SQL injection vulnerability. The two flaws are chained to deploy ASPXSpy web shells for unauthorized access to infected systems, enabling file system enumeration, data exfiltration, and the execution of SQL queries. The exploitation activity was discovered in November 2024, with evidence suggesting the group leveraged CVE-2025-25181 as early as 2020.

References:
  • securityaffairs.com: XE Group shifts from credit card skimming to exploiting zero-days
  • The Hacker News: XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
  • ciso2ciso.com: XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells – Source:thehackernews.com
  • Blog: Article about the XE group exploiting Veracore zero-day to deploy persistent web shells.
  • www.scworld.com: Report details how XE Group exploited a VeraCore zero-day to deploy reverse shells and web shells.
  • SOC Prime Blog: SOCRadar: Detect XE Group Attacks
  • intezer.com: Intezer's Nicole Fishbein, Joakim Kennedy & Justin Lentz provide an in-depth analysis of XE Group’s recent operations, looking at the exploits used, persistence mechanisms, and attack methodologies.
  • socprime.com: XE Group, likely a Vietnam-linked hacking collective that has been active in the cyber threat arena for over a decade is believed to be behind the exploitation of a couple of VeraCore zero-day vulnerabilities.
  • Virus Bulletin: Intezer's Nicole Fishbein, Joakim Kennedy & Justin Lentz provide an in-depth analysis of XE Group’s recent operations, looking at the exploits used, persistence mechanisms, and attack methodologies.
  • securityaffairs.com: The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks.
  • securityaffairs.com: Analysis of the XE Group's recent operations and their use of VeraCore zero-day vulnerabilities to deploy reverse shells and web shells.
Classification:
  • HashTags: #ZeroDay #WebShells #SupplyChain
  • Company: Advantive
  • Target: Manufacturing and Distribution Networks
  • Attacker: XE Group
  • Product: VeraCore
  • Feature: Web Shells
  • Malware: ASPXSpy, Meterpreter
  • Type: 0Day
  • Severity: Major