Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your…

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to attack reports

Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth

· Published 21/08/2025 21:01 · Modified 21/08/2025 21:33

Share: LinkedIn Facebook Mastodon X

Export JSON

Essential information

Published: 21/08/2025 21:01
Modified: 21/08/2025 21:33
Tags: 2025-08-21 CVE-2024-36401 apache cve202436401 dart geoserver ip address jxpath persistence sdk
Related entities: 8 vulnerabilities (cve), 94 observables

Description

Palo Alto Networks has identified and identified a threat that is exploiting a critical vulnerability in the GeoServer database, which allows criminals to gain passive income from exploiting victims' internet bandwidth and access to their bandwidth.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (8)

CVE-2025-49706 KEV

6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2025-49704 KEV

8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2025-31324 KEV

10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector: Network
Published: 29/04/2025
Modified: 21/12/2025

Received

CVE-2025-32433 KEV

10.0 Critical

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may …

Attack vector: Network
Published: 09/06/2025
Modified: 27/05/2026

Received

CVE-2024-8299

7.8 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector: LOCAL
Complexity: Low
Published: 29/11/2024
Modified: 08/04/2026

CWE-427 Awaiting Analysis

CVE-2024-7587

7.8 High

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …

Attack vector: Local
Published: 23/10/2024
Modified: 09/01/2026

Analyzed

CVE-2024-1182

7.0 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector: LOCAL
Complexity: High
Published: 04/07/2024
Modified: 08/04/2026

CWE-427 Received

CVE-2024-36401 KEV

9.8 Critical

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …

Attack vector: Network
Published: 15/07/2024
Modified: 21/12/2025

Observables (94)

64.226.112.52
37.187.74.75
185.246.84.189
http://64.226.112.52:8080/rKS64mUmF7/d593
http://64.226.112.52:8080/vbbdG8dpAw/s401
http://64.226.112.52:8080/fAFUQgw7Py/c401
http://64.226.112.52:8080/g1Gl1JWEUw/d401
http://64.226.112.52:8080/cxtpjeM3KU/a402
http://64.226.112.52:8080/YbEYCqCFVl/z401
http://64.226.112.52:8080/XEQS3MTzdS/a593
http://64.226.112.52:8080/W7lJoMcuOu/s402
http://64.226.112.52:8080/MFTYFuqKGU/a401

← Previous

Page / 8

1–12 of 94

https://unit42.paloaltonetworks.com/attackers-sell-your-bandwidth-using-sdks/
https://otx.alienvault.com/pulse/68a78923f923670ab62bb240

Contact About Legal notice Privacy policy Terms of use