A cyber espionage group known as Tick exploited a critical vulnerability (CVE-2025-61932) in Motex Lanscope Endpoint Manager to deploy backdoors and conduct malicious activities. The attack involved sophisticated tools like Gokcpdoor and Havoc, targeting East Asian organizations and utilizing cloud services for data exfiltration. #TickGroup #CVE2025-61932 #Gokcpdoor #HavocFramework
Key points
- Tick, a suspected Chinese cyber espionage group, exploited a zero-day vulnerability in Lanscope Endpoint Manager.
- The CVE-2025-61932 flaw allows remote code execution with SYSTEM privileges on on-premises Lanscope servers.
- Attackers used the Gokcpdoor backdoor to establish covert communication channels and remote control.
- The campaign also deployed the Havoc command-and-control framework and used DLL side-loading to run its tooling and persist on compromised hosts.
- Organizations are advised to patch vulnerable Lanscope servers and check whether any Lanscope components are reachable from the internet.
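The key points name DLL side-loading but do not show how to hunt for it. Below is an added example, not code from the article or from any of the vendors it mentions, of the heuristic a responder would run over Sysmon image-load records (event ID 7): flag a DLL whose file name matches one normally resolved from the Windows system directory when it is instead loaded from the directory of the loading executable, outside the system directories. The field names follow Sysmon's event 7 schema; the list of DLL names and the log records are constructed for the example and carry no indicators from the Tick campaign.

```python
"""Heuristic hunt for DLL side-loading in Sysmon-style image-load records.

Added example, not taken from the article. The sample records and the
list of system DLL names are constructed for illustration.
"""
import ntpath

# Directories from which these DLL names are normally resolved.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed, deliberately short list of DLLs that Windows programs commonly
# import by name; a real hunt would use a fuller inventory from a clean host.
SYSTEM_DLL_NAMES = {
    "version.dll", "wtsapi32.dll", "dwmapi.dll", "userenv.dll", "cryptsp.dll",
}


def is_side_load_candidate(record: dict) -> bool:
    """True if a system-named DLL was loaded from the executable's own directory.

    Windows searches the application directory before System32, so dropping a
    DLL with a well-known name next to a trusted executable makes that
    executable load the attacker's code. This check reconstructs that pattern.
    """
    image = record["Image"].lower()
    loaded = record["ImageLoaded"].lower()
    dll_dir, dll_name = ntpath.split(loaded)
    if dll_name not in SYSTEM_DLL_NAMES:
        return False              # not a name that should live in System32
    if dll_dir in SYSTEM_DIRS:
        return False              # loaded from where it belongs
    exe_dir = ntpath.dirname(image)
    return exe_dir == dll_dir     # DLL sits beside the loading executable


def hunt(records: list) -> list:
    """Return the records that match the side-loading heuristic."""
    return [r for r in records if is_side_load_candidate(r)]


# Constructed sample records in the shape of Sysmon event 7 fields.
SAMPLE_RECORDS = [
    {   # benign: version.dll loaded from System32 by a system binary
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Windows\System32\version.dll",
        "Signed": "true",
    },
    {   # suspicious: version.dll loaded from a user-writable folder next to the exe
        "Image": r"C:\Users\Public\Music\legit.exe",
        "ImageLoaded": r"C:\Users\Public\Music\version.dll",
        "Signed": "false",
    },
    {   # benign: a vendor's own DLL loaded from the vendor's install folder
        "Image": r"C:\Program Files\Vendor\app.exe",
        "ImageLoaded": r"C:\Program Files\Vendor\vendor.dll",
        "Signed": "true",
    },
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_RECORDS):
        print("side-load candidate:", hit["Image"], "->", hit["ImageLoaded"])
```

The heuristic is intentionally narrow: it keys on the search-order abuse that defines side-loading (application directory before System32), so it does not flag a vendor DLL legitimately shipped beside its executable. Feeding it real Sysmon data means exporting event ID 7 with the Image and ImageLoaded fields, and the name list should be built from a known-clean host rather than the five entries used here.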
Read More: https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html