Major Incidents or Breaches

  • The Australian Signals Directorate (ASD) has issued a bulletin regarding ongoing attacks targeting unpatched Cisco IOS XE devices in Australia. The attacks involve a previously undocumented implant referred to as BADCANDY.

Newly Discovered Vulnerabilities

  • A vulnerability in Motex Lanscope Endpoint Manager was exploited as a zero-day by the China-linked threat actor group Bronze Butler (Tick). The exploitation enabled deployment of an updated Gokcpdoor malware variant.

Notable Threat Actor Activity

  • Bronze Butler (Tick), a China-linked cyber-espionage group, has been observed exploiting the Lanscope Endpoint Manager zero-day vulnerability to facilitate cyber-espionage operations.

Trends, Tools, or Tactics of Interest

  • The use of an undocumented implant (BADCANDY) in ongoing campaigns targeting Cisco IOS XE devices highlights continued attacker focus on network infrastructure.
  • Updated versions of Gokcpdoor malware are being deployed by advanced persistent threat actors, indicating ongoing development and refinement of custom toolsets for espionage purposes.