Multiple cybercrime groups, including BianLian and RansomExx, are exploiting recent security vulnerabilities in SAP NetWeaver and Windows systems. These attacks involve sophisticated tools like web shells, Trojans, and command-and-control frameworks, targeting organizations worldwide.
Affected: organizations using SAP NetWeaver, Windows systems vulnerable to CVE-2025-29824, CVE-2025-31324, CVE-2025-42999, and related infrastructure.
Key points
- Cybercriminal groups BianLian and RansomExx are actively exploiting SAP NetWeaver vulnerabilities.
- ReliaQuest found evidence linking BianLian to specific command-and-control servers and infrastructure.
- The attacks involve deploying web shells, Trojans like PipeMagic, and using the Brute Ratel C2 framework.
- Multiple CVEs, including CVE-2025-29824, CVE-2025-31324, and CVE-2025-42999, are being exploited by threat actors.
- Organizations are advised to apply patches promptly, as the vulnerabilities can grant full system access regardless of privilege level.
Read More: https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html