A Chinese state-sponsored group, BRONZE BUTLER, has exploited a zero-day vulnerability (CVE-2025-61932) in Motex LANSCOPE Endpoint Manager to infiltrate corporate networks and steal sensitive information. The campaign features malware such as Gokcpdoor and evasion techniques that abuse legitimate tools and cloud services. #BRONZEBUTLER #CVE202561932
Key points
- BRONZE BUTLER exploited a zero-day vulnerability to breach target networks.
- The zero-day, CVE-2025-61932, allows remote command execution with SYSTEM privileges.
- Malware such as Gokcpdoor and the Havoc framework is used for command and control.
- The attackers rely on legitimate tools and cloud services to stay stealthy and exfiltrate data.
- U.S. CISA has classified this vulnerability as actively exploited in the wild.
Read More: https://securityonline.info/chinese-apt-bronze-butler-exploits-lanscope-zero-day-for-system-control/