A critical vulnerability in SAP NetWeaver, identified as CVE-2025-31324, is being actively exploited by Chinese APT groups to target critical infrastructure systems.
These intrusions are attributed to China-linked nation-state groups, likely associated with China’s Ministry of State Security.
Multiple China-nexus adversaries have been exploiting the SAP NetWeaver flaw CVE-2025-31324 since April 2025.
Security professionals can access detection rules for CVE-2025-31324 exploitation linked to China-nexus groups on the SOC Prime Platform.
The exploitation campaigns focus on infiltrating critical infrastructure and establishing long-term access to global networks.
Chinese APT groups are actively targeting sectors like natural gas distribution, water management, medical device manufacturers, oil and gas firms, and government ministries.
The campaign exploited a zero-day vulnerability, backdooring SAP NetWeaver instances with web shells and maintaining access through various tools like KrustyLoader and SNOWLIGHT.
The attackers are identified as UNC5221, UNC5174, and CL-STA-0048, known for deploying web shells, reverse shells, and various malware tools.
China-affiliated threat groups are expected to continue exploiting vulnerabilities in enterprise software to target critical infrastructure globally.
Users are advised to upgrade SAP NetWeaver instances and implement mitigation measures as suggested by SAP Security Notes.