Hackers exploited a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy the Auto-Color Linux malware against a U.S. chemical company. The malware features advanced evasion tactics, including stealthy persistence and adaptive behavior, making it difficult to detect and eradicate. #CVE-2025-31324 #AutoColorLinux #SAPNetWeaver
Keypoints
- The attack exploited a zero-day vulnerability in SAP NetWeaver to achieve remote code execution.
- The Auto-Color malware employs evasion tactics such as suppression when C2 is unreachable.
- Darktrace observed that the malware adapts its behavior based on user privileges and environment.
- Active exploitation involved multiple threat actors, including ransomware groups and state hackers.
- Security updates for CVE-2025-31324 are urgently recommended to prevent further attacks.