Cybersecurity researchers have uncovered exploitation of a now-patched Windows security flaw (CVE-2025-29824) in RansomExx ransomware attacks that deploy the PipeMagic backdoor. The threat actors used sophisticated methods, including domain-hosted modules and DLL hijacking, to persist on infected hosts and move laterally across compromised networks. #PipeMagic #RansomExx #CVE-2025-29824 #Storm-2460 #SaudiArabia #Brazil
Keypoints
- Threat actors exploited a recently patched Windows vulnerability (CVE-2025-29824) to deploy the PipeMagic malware.
- PipeMagic is a modular backdoor that supports remote command execution and lateral movement.
- Early versions of PipeMagic targeted industrial companies in Southeast Asia; recent activity has been observed in Saudi Arabia and Brazil.
- Attackers used domain-based payload staging and DLL hijacking to deploy and disguise the malware.
- Recent versions show improved persistence and lateral movement, including dumping process memory with tools such as ProcDump.
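As an added example, not code from the article or from any vendor's tooling: a small Python scanner over constructed, Sysmon-like process-create and image-load events that flags the two techniques named above, a ProcDump-style memory dump of lsass and a hijack-prone system DLL loaded from outside the Windows system directories. The key=value event format, the sample lines, and the list of hijack-prone DLL names are assumptions for illustration; the article does not say which DLL PipeMagic hijacks.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample events in a simplified key=value format loosely modelled on
# Sysmon EventID 1 (process create) and EventID 7 (image load). Not real telemetry.
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Users\bob\AppData\Local\Temp\procdump64.exe" '
    r'CommandLine="procdump64.exe -accepteula -ma lsass.exe C:\Users\bob\lsass.dmp"',
    r'EventID=1 Image="C:\Windows\System32\notepad.exe" CommandLine="notepad.exe report.txt"',
    r'EventID=7 Image="C:\Program Files\Acme\updater.exe" ImageLoaded="C:\Program Files\Acme\version.dll"',
    r'EventID=7 Image="C:\Program Files\Acme\updater.exe" ImageLoaded="C:\Windows\System32\version.dll"',
    r'EventID=7 Image="C:\Users\bob\AppData\Roaming\chat\chat.exe" '
    r'ImageLoaded="C:\Users\bob\AppData\Roaming\chat\dbghelp.dll"',
]

# Illustrative (assumed) set of DLLs that Windows resolves by name and that are
# therefore common search-order hijack targets. Extend from your own baseline.
HIJACK_PRONE_DLLS = {"version.dll", "dbghelp.dll", "cryptbase.dll", "wininet.dll", "userenv.dll"}

# Directories from which these DLLs are legitimately loaded (lower-case for comparison).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one event line into a dict of field name -> value."""
    return {key: (quoted or bare) for key, quoted, bare in _KV.findall(line)}


def is_lsass_dump(ev):
    """Process creation where lsass memory is being dumped, ProcDump-style (-ma = full dump)."""
    if ev.get("EventID") != "1":
        return False
    cmd = ev.get("CommandLine", "").lower()
    image = PureWindowsPath(ev.get("Image", "")).name.lower()
    return "lsass" in cmd and (image.startswith("procdump") or " -ma " in cmd)


def is_dll_sideload(ev):
    """Image load of a hijack-prone DLL name from anywhere other than the system directories."""
    if ev.get("EventID") != "7":
        return False
    loaded = ev.get("ImageLoaded", "")
    name = PureWindowsPath(loaded).name.lower()
    return name in HIJACK_PRONE_DLLS and not loaded.lower().startswith(SYSTEM_DIRS)


def scan(lines):
    """Return (rule, artefact) findings for every event that matches a rule."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if is_lsass_dump(ev):
            findings.append(("lsass_memory_dump", ev["Image"]))
        elif is_dll_sideload(ev):
            findings.append(("dll_search_order_hijack", ev["ImageLoaded"]))
    return findings


if __name__ == "__main__":
    for rule, artefact in scan(SAMPLE_EVENTS):
        print(f"{rule}: {artefact}")
```

On the constructed input the scanner reports the ProcDump run against lsass and the two DLL loads from application-writable directories, and stays silent on the legitimate version.dll load from System32. The DLL rule is a heuristic: a product that genuinely ships its own copy of one of these DLLs will trip it, so a real deployment needs an allow-list built from a known-good baseline, and lsass dumping should also be watched through process-access telemetry rather than command lines alone.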
Read More: https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html