TeamT5 confirmed that CVE-2024-7694, a vulnerability in its ThreatSonar product that let users holding admin privileges upload malicious files and achieve arbitrary command execution, was likely exploited in targeted supply-chain attacks in 2024. The company attributes the intrusions to Chinese APTs it tracks as Slime57 and Slime62, says the attackers routed their activity through hundreds of compromised Taiwanese IPs to hide their origin, and reports that all affected customers have been assisted with patches and mitigations. #CVE-2024-7694 #Slime57
Key points
- TeamT5 confirmed exploitation of CVE-2024-7694 in 2024 that targeted a small number of customers.
- The vulnerability allowed attackers with admin privileges to upload malicious files and execute arbitrary commands on servers.
- Investigators determined the attacks were highly coordinated supply-chain intrusions attributed to Slime57 and Slime62.
- Attackers used hundreds of compromised devices in Taiwan to mask their true identity.
- TeamT5 assisted affected customers with updates and mitigations and states no vulnerable versions remain in use.