China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Executive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment ... Read More
Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia
Executive Summary EclecticIQ analysts identified a cyber espionage campaign where threat actors used a variant of HyperBro loader with a Taiwan Semiconductor Manufacturing (TSMC) lure, likely to target the semiconductor industry in Mandarin/Chinese speaking East Asian regions (Taiwan, Hong Kong, Singapore). Operational tactics, techniques, and procedures (TTPs) overlap with previously ... Read More
Decrypting Key Group Ransomware: Emerging Financially Motivated Cyber Crime Gang
Executive Summary The Key Group ransomware family was first revealed on January 6, 2023, continuing their operations since then. EclecticIQ researchers assess with high confidence, the Key Group ransomware gang is primarily a Russian speaking, financially motivated threat group using Telegram channel keygroup777Tg for the negotiation of ransoms.[] Key Group has ... Read More
FIN8 Group Using Modified Sardonic Malware for Deployment of BlackCat Ransomware
FIN8 Group Using Modified Sardonic Malware for Deployment of BlackCat Ransomware According to the Symantec Threat Hunter Team, the financially motivated threat actor known as FIN8 has been observed using an updated version of a malware called Sardonic to deliver the BlackCat ransomware. The update on the Sardonic ... Read More
