This article describes China's Earth Lamia threat group, which exploits vulnerabilities in public-facing servers across Asia and beyond. The group targets various sectors with sophisticated techniques and continuously updates its malware and attack methods. #CVE-2025-31324 #EarthLamia
Key points
- The China-linked threat actor Earth Lamia exploits multiple vulnerabilities in web applications and servers.
- Attacks primarily involve SQL injection, privilege escalation, and establishing proxy tunnels for sustained access.
- Earth Lamia targets sectors including finance, logistics, retail, IT, government, and universities, shifting focus over time.
- The group deploys custom backdoors like PULSEPACK and continuously updates its malware tools.
- Recent activity shows a focus on exploiting CVE-2025-31324 and weaponizing multiple vulnerabilities in SAP NetWeaver.
Read More: https://thehackernews.com/2025/05/china-linked-hackers-exploit-sap-and.html