Taiwan-based cybersecurity company TeamT5 has verified the exploitation of a vulnerability recently highlighted by the Cybersecurity and Infrastructure Security Agency (CISA) in its Known Exploited Vulnerabilities (KEV) catalog. The company suggests that Chinese advanced persistent threat (APT) groups are responsible for the attacks.
Details of the Security Vulnerability
The vulnerability, identified as CVE-2024-7694, was added to the CISA KEV list last week. It allows an attacker who already holds administrative access to upload malicious files, which can lead to arbitrary command execution on the affected server. A patch for the vulnerability was released in August 2024.
TeamT5’s solutions are deployed across the United States, Japan, and Taiwan, including within government agencies. This widespread use might have prompted CISA to include the flaw in its catalog, urging governmental bodies to address it by March 10.
Targeted Attack Analysis
According to TeamT5, the attacks leveraging CVE-2024-7694 took place in 2024 and were limited to a small number of its clients. Those impacted were informed promptly and received support for patching and implementing necessary mitigations.
The firm described the incident as a “highly coordinated and targeted attack” focusing on compromising high-profile client systems. The attackers reportedly dedicated substantial resources to identifying a flaw in TeamT5’s ThreatSonar product.
Implications and Future Outlook
In a recent blog update, TeamT5 confirmed that all customers had updated their software in 2024, ensuring that no vulnerable versions are currently in use. SecurityWeek previously noted the potential involvement of Chinese threat actors in these attacks.
TeamT5 has now confirmed that the exploitation was part of a supply chain attack attributed to Chinese APTs, specifically those tracked as Slime57 and Slime62. The threat actors employed numerous IP addresses, mainly consisting of compromised devices within Taiwan, to obscure their identity.
As cybersecurity challenges evolve, the confirmation of such targeted attacks underscores the importance of ongoing vigilance and collaboration among global security entities to mitigate risks and protect sensitive information.
