The National Internet Emergency Center (CNCERT) has issued a risk warning about the "Swim Snake" black-industry attack activities.

Author: 杰润鸿远 | Release time: 2025-06-11

Cybersecurity News

1. National Internet Emergency Center (CNCERT) Issues Risk Warning on "Swim Snake" Black-Industry Attack Campaigns

Recently, CNCERT and Antiy Labs jointly monitored frequent activities by the "Swim Snake" black-industry group (also known as "Silver Fox," "Gu Duo Thief," "UTG-Q-1000," etc.). Attackers use search engine SEO promotion to forge Chrome browser download sites that closely mimic official ones, making them highly deceptive. Once users mistakenly download the malicious installer, the Swim Snake remote access trojan is implanted into the system, enabling remote control of target devices and theft of sensitive data. Tracking shows the daily number of domestic infected devices (counted by IP) has peaked at over 17,000.

Security Intelligence

  1. New Information-Stealing Malware EDDIESTEALER Spreads via Fake CAPTCHAs

A new Rust-based information-stealing malware, EDDIESTEALER, is spreading through "fake CAPTCHA" phishing pages. Attackers use verification interfaces disguised as "I'm not a robot" checks to trick users into executing malicious PowerShell scripts, eventually deploying EDDIESTEALER on target Windows hosts. The malware can steal credentials, browser data, and cryptocurrency wallet information, and receives task configurations via C2 servers. It employs string and API call obfuscation, along with custom module loading and function parsing mechanisms, to increase analysis difficulty. While initial samples lack complex anti-virtualization mechanisms, there are signs that future variants may shift detection logic to the server side.


  2. Siemens SiPass Integrated Vulnerability Alert

Siemens SiPass Integrated contains an out-of-bounds read vulnerability. Successful exploitation may allow unauthenticated remote attackers to cause a denial-of-service (DoS) condition. Siemens reports the following affected products:

  • SiPass Integrated: versions prior to V2.95.3.18

Specific vulnerability:

  • CVE-2022-31812: when verifying the integrity of incoming packets, the affected server application reads beyond the allocated buffer, potentially allowing unauthenticated remote attackers to create a DoS condition.
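The defect class behind CVE-2022-31812 is an integrity check that trusts a length taken from the packet itself. The following is an added example, not Siemens code and not the SiPass wire format: it assumes a hypothetical [2-byte length][payload][2-byte checksum] layout and a simple additive checksum, and shows the bounds check a receiver needs before it touches any byte at a header-derived offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format used only for this example (not the SiPass protocol):
 *   bytes 0..1        : big-endian payload length N (untrusted, sent by the peer)
 *   bytes 2..2+N-1    : payload
 *   next 2 bytes      : big-endian 16-bit checksum over header + payload
 */
#define HDR_LEN 2
#define CKSUM_LEN 2
#define MAX_PAYLOAD 1024

enum verify_result { PKT_OK = 0, PKT_TRUNCATED = 1, PKT_BAD_CHECKSUM = 2, PKT_TOO_LONG = 3 };

/* Simple additive 16-bit checksum over a byte range (illustrative, not cryptographic). */
static uint16_t checksum16(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += buf[i];
    return (uint16_t)(sum & 0xFFFF);
}

/* Verify packet integrity. recv_len is the number of bytes actually received.
 * The declared length in the header must be reconciled with recv_len BEFORE
 * any byte beyond the header is read; locating the checksum purely from the
 * header field is the over-read pattern described in the advisory. */
int verify_packet(const uint8_t *buf, size_t recv_len) {
    if (buf == NULL || recv_len < HDR_LEN + CKSUM_LEN) return PKT_TRUNCATED;
    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared > MAX_PAYLOAD) return PKT_TOO_LONG;
    /* This is the check that prevents reading past the allocated buffer. */
    if (recv_len < HDR_LEN + declared + CKSUM_LEN) return PKT_TRUNCATED;
    size_t cksum_off = HDR_LEN + declared;
    uint16_t expected = checksum16(buf, cksum_off);
    uint16_t got = (uint16_t)(((uint16_t)buf[cksum_off] << 8) | buf[cksum_off + 1]);
    return expected == got ? PKT_OK : PKT_BAD_CHECKSUM;
}

/* Build a well-formed packet into out (capacity cap). Returns bytes written, or 0 on error. */
size_t build_packet(const uint8_t *payload, size_t n, uint8_t *out, size_t cap) {
    if (n > MAX_PAYLOAD || cap < HDR_LEN + n + CKSUM_LEN) return 0;
    out[0] = (uint8_t)(n >> 8);
    out[1] = (uint8_t)(n & 0xFF);
    memcpy(out + HDR_LEN, payload, n);
    uint16_t c = checksum16(out, HDR_LEN + n);
    out[HDR_LEN + n] = (uint8_t)(c >> 8);
    out[HDR_LEN + n + 1] = (uint8_t)(c & 0xFF);
    return HDR_LEN + n + CKSUM_LEN;
}

/* Self-test: the good path plus the three rejection paths. Returns 1 on success. */
int packet_selftest(void) {
    uint8_t pkt[64];
    const uint8_t payload[] = "hello";            /* constructed sample payload */
    size_t len = build_packet(payload, 5, pkt, sizeof pkt);
    if (len != 9 || verify_packet(pkt, len) != PKT_OK) return 0;

    /* Truncated delivery: same header, fewer bytes actually arrived. */
    if (verify_packet(pkt, len - 3) != PKT_TRUNCATED) return 0;

    /* Header claims a larger payload than was received: the over-read trigger,
     * rejected here instead of being dereferenced. */
    uint8_t lying[9];
    memcpy(lying, pkt, 9);
    lying[1] = 0x40;
    if (verify_packet(lying, 9) != PKT_TRUNCATED) return 0;

    /* Corrupted checksum byte. */
    uint8_t bad[9];
    memcpy(bad, pkt, 9);
    bad[8] ^= 0x01;
    if (verify_packet(bad, 9) != PKT_BAD_CHECKSUM) return 0;
    return 1;
}
```

The ordering inside verify_packet is the point: the declared length is validated against the bytes actually received before it is used as an index, so a packet that advertises more data than it carries is dropped rather than read past its buffer.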


  3. Instantel Micromate Vulnerability Alert

Instantel Micromate has a vulnerability in which key functions lack authentication. Successful exploitation may allow unauthenticated attackers to access the device's configuration port and execute commands.

Affected versions:

  • All versions of Micromate

Specific vulnerability:

  • CVE-2025-1907: Instantel Micromate lacks authentication on the configuration port, enabling an attacker who can connect to it to execute commands.


  4. Silent Werewolf Delivers Malicious Loaders via Disguised Emails Targeting Russia and Moldova

BI.ZONE recently disclosed two new attack campaigns linked to the long-active espionage group Silent Werewolf. The first targeted energy, aviation, and engineering enterprises in Russia, while the second expanded to Moldova and suspected Russian targets. Attackers spread malicious ZIP archives via meticulously disguised phishing emails, prompting users to download and execute nested LNK shortcuts. These LNK files use Windows system tools to automatically extract nested malicious components, execute commands without the user's knowledge, and deploy loaders that connect to C2 servers for the final payloads. Although researchers could not capture the malicious payloads, the tactics, techniques, and procedures (TTPs) closely match Silent Werewolf's historical behavior, especially its commonly used XDigo malware. The attacks also leverage official Microsoft tools and encryption obfuscation, significantly enhancing stealth and persistence.

Vulnerability Alerts

  1. Cross-Site Scripting (XSS) Vulnerability in WordPress Plugin Dreamstime Stock Photos

WordPress and its plugins are products of the WordPress Foundation. WordPress is a PHP-based blogging platform that supports deploying personal blogs on PHP+MySQL servers. The Dreamstime Stock Photos plugin (versions 4.0 and earlier) contains an XSS vulnerability due to improper input sanitization, leading to reflected XSS.


  2. Null Pointer Dereference Vulnerability in Multiple Products from Linux and Other Vendors

Xen, an open-source virtual machine monitor developed by the University of Cambridge, UK, allows incompatible operating systems to run on the same computer and supports runtime migration to prevent downtime. Xen has a security vulnerability caused by a null pointer dereference, resulting in system denial-of-service.


  3. Security Vulnerability in PHPGurukul Medical Card Generation System

PHPGurukul Medical Card Generation System v1.0 has a vulnerability: the pagedes parameter in admin/contactus.php is vulnerable to HTML injection.


  4. Inadequate Authentication Mechanism in Asus GT-AC2900 Firmware

ASUS GT-AC2900 routers (versions prior to 3.0.0.4.386.42643) have an authorization vulnerability that allows the admin application to bypass authentication when processing remote input from unauthenticated users, leading to unauthorized access to the admin interface.


Tag: External Consultation Vulnerability Warning Security Intelligence Cybersecurity Consultation
Rooms 804 & 805, 8th Floor, No. 69 Xibalizhuang Road, Haidian District, Beijing

010-68213797

Monday to Friday, 9:30 AM - 5:00 PM (GMT+8)


Copyright 2025 - 杰润鸿远(北京)科技有限公司
京ICP备17028264号
京公网安备 11010802035508号