Chinese cyber-espionage group “Bronze Butler” exploited a zero-day flaw in Motex Lanscope Endpoint Manager to deploy malware and steal sensitive data. This attack highlights the importance of timely patching to prevent exploitation of critical vulnerabilities.
Key points
- Bronze Butler exploited a zero-day vulnerability CVE-2025-61932 in Motex Lanscope Endpoint Manager.
- The vulnerability allows attackers to execute arbitrary code with SYSTEM privileges without authentication.
- Attackers deployed the Gokcpdoor malware, establishing proxy connections with their C2 infrastructure.
- The new Gokcpdoor version supports multiplexed C2 communication and drops support for the KCP protocol.
- Organizations are advised to immediately patch their Lanscope Endpoint Manager to prevent further exploitation.