Svoboda Cybersecurity Brief April 29, 2025

Apr 29, 2025


Scattered Spider Linked to Marks & Spencer Ransomware Attack

British retail giant Marks & Spencer suffered a ransomware attack believed to be conducted by the Scattered Spider group. The attackers stole Active Directory password hashes in February before deploying the DragonForce encryptor on VMware ESXi hosts on April 24. The attack disrupted contactless payments and warehouse operations.
Source: BleepingComputer

Critical SAP NetWeaver Vulnerability Actively Exploited

Over 1,200 SAP NetWeaver servers are vulnerable to CVE-2025-31324, a maximum-severity unauthenticated file-upload flaw that allows remote code execution. Researchers observed attackers dropping web shells such as “cache.jsp” and “helper.jsp” on compromised systems.
Impact: Full system compromise through arbitrary code execution.
Mitigation: Apply SAP’s April 25 patch or restrict access to /developmentserver/metadatauploader.
Source: BleepingComputer
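As an added example that is not from the brief or from SAP: a small defender-side scan over constructed web-server access-log lines that flags POSTs to the metadatauploader endpoint and later requests for the web shell names reported above, escalating when the same client did both. The combined log format, the sample addresses and the severity labels are assumptions.

```python
import re

UPLOAD_ENDPOINT = "/developmentserver/metadatauploader"
# Web shell file names reported in the campaign (taken from the brief).
KNOWN_SHELLS = {"cache.jsp", "helper.jsp"}

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample traffic (not real log data): one client uploads then
# requests a shell, another client's upload is rejected by an access rule.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Apr/2025:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120
203.0.113.10 - - [25/Apr/2025:10:01:09 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 17
203.0.113.10 - - [25/Apr/2025:10:01:15 +0000] "GET /irj/helper.jsp HTTP/1.1" 200 233
198.51.100.7 - - [25/Apr/2025:10:02:00 +0000] "GET /irj/portal HTTP/1.1" 200 5120
198.51.100.7 - - [25/Apr/2025:10:02:30 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 403 0
"""

def parse_line(line):
    """Return (ip, ts, method, path-without-query, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], m["ts"], m["method"], m["path"].split("?", 1)[0], int(m["status"])

def scan(log_text):
    """Return findings as (severity, ip, ts, reason). A client whose upload was
    accepted (HTTP 200) and who later requests a known shell name is rated high."""
    uploaded_ok = set()
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if path == UPLOAD_ENDPOINT and method == "POST":
            if status == 200:
                uploaded_ok.add(ip)
                findings.append(("medium", ip, ts, "upload accepted at metadatauploader"))
            else:
                findings.append(("low", ip, ts, f"upload attempt rejected ({status})"))
        elif path.rsplit("/", 1)[-1].lower() in KNOWN_SHELLS:
            sev = "high" if ip in uploaded_ok else "medium"
            findings.append((sev, ip, ts, f"request for known web shell name {path}"))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(*f)
```

A rejected upload (403) on a patched or access-restricted host still shows that the endpoint is being probed, which is why it is kept as a low-severity finding.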

Hitachi Vantara Hit by Akira Ransomware Attack

Hitachi’s IT subsidiary took servers offline after an April 26 ransomware attack by the Akira group, which allegedly stole data. The attack impacted internal systems but spared cloud services. Akira has extorted ~$42 million from 250+ victims since 2023.
Source: BleepingComputer

VeriSource Discloses 4M-Person Data Breach

Employee benefits firm VeriSource revealed a February 2024 breach exposing names, SSNs, and birth dates of 4 million individuals. Attackers accessed systems on February 27, but notification delays stretched into April 2025.
Source: BleepingComputer

Cloudflare Mitigates Record 20.5M DDoS Attacks in Q1 2025

Cloudflare reported a 358% YoY increase in DDoS attacks, including 700+ hyper-volumetric attacks exceeding 1 Tbps. Notable trends include CLDAP reflection attacks (up 3,488% QoQ) and gaming server targeting. A record 5.8 Tbps attack was mitigated in April.
Source: BleepingComputer

Darcula Phishing Kit Adds AI-Generated Forms

The Darcula PhaaS platform now uses generative AI to create multilingual phishing forms and localized translations, lowering the technical bar for attackers. The service mimics legitimate SaaS infrastructure using JavaScript frameworks and Docker.
Source: TheHackerNews

Craft CMS Zero-Day Exploited to Hack 300+ Sites

Attackers chained CVE-2024-58136 (Yii framework flaw) and CVE-2025-32432 (Craft CMS RCE) to compromise ~300 websites. Exploits involved brute-forcing asset IDs and downloading malicious PHP files from GitHub.
Impact: Remote code execution via image transformation API abuse.
Mitigation: Update to Craft CMS 3.9.15/4.14.15/5.6.17 or install the Security Patches library.
Source: SecurityWeek

Earth Kurma APT Targets SE Asia with Custom Rootkits

The newly identified Earth Kurma group attacked governments and telcos in the Philippines, Vietnam, and Malaysia using KRNRAT and Moriya rootkits. The campaign exfiltrates data via Dropbox/OneDrive using SIMPOBOXSPY and ODRIZ tools.
Source: TheHackerNews

Fake WooCommerce Patch Drops Backdoors

A phishing campaign spoofs WooCommerce security alerts, directing victims to download a “patch” from woocommėrce[.]com (homograph domain). The malware creates hidden admin accounts and deploys web shells like P.A.S.-Fork and WSO.
Source: TheHackerNews

Critical Flaws in Planet Technology Industrial Switches

CISA warned of five critical vulnerabilities in Planet Technology’s industrial switches and NMS devices, including hardcoded credentials (CVE-2025-2567) and command-injection flaws that allow remote administrative access.
Impact: Unauthenticated attackers can execute OS commands on critical infrastructure devices.
Mitigation: Apply patches released on April 16.
Source: SecurityWeek

MTN Group Discloses Customer Data Breach

Africa’s telecom giant MTN confirmed unauthorized access to customer data in some markets, though core networks remained uncompromised. The company did not disclose the number of affected individuals.
Source: SecurityWeek
