{"id":214067,"date":"2025-05-15T01:16:27","date_gmt":"2025-05-15T06:16:27","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/05\/bianlian-and-ransomexx-exploit-sap-netweaver-flaw-to-deploy-pipemagic-trojan"},"modified":"2025-05-15T01:16:27","modified_gmt":"2025-05-15T06:16:27","slug":"bianlian-and-ransomexx-exploit-sap-netweaver-flaw-to-deploy-pipemagic-trojan","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/05\/bianlian-and-ransomexx-exploit-sap-netweaver-flaw-to-deploy-pipemagic-trojan","title":{"rendered":"BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/bianlian-and-ransomexx-exploit-sap-netweaver-flaw-to-deploy-pipemagic-trojan.jpg\"><\/a><\/p>\n<p>At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as <a href=\"https:\/\/thehackernews.com\/2025\/04\/sap-confirms-critical-netweaver-flaw.html\">CVE-2025\u201331324<\/a>, indicating that <a href=\"https:\/\/thehackernews.com\/2025\/05\/china-linked-apts-exploit-sap-cve-2025.html\" rel=\"noopener\" target=\"_blank\">multiple threat actors<\/a> are taking advantage of the bug.<\/p>\n<p>Cybersecurity firm ReliaQuest, in a <a href=\"https:\/\/reliaquest.com\/blog\/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise\/\" rel=\"noopener\" target=\"_blank\">new update<\/a> published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware family, which is traced by Microsoft under the moniker Storm-2460.<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/03\/bianlian-threat-actors-exploiting.html\" rel=\"noopener\" target=\"_blank\">BianLian<\/a> is assessed to be involved in at least one incident based on infrastructure links to IP addresses previously identified as attributed to the e-crime group.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025\u201331324, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-214067","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/214067","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=214067"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/214067\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=214067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=214067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=214067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}