BRONZE BUTLER Exploits Zero-Day in LANSCOPE Endpoint Manager

Cyber Security News by CyberSum.net

Published on October 31, 2025 at 06:00 PM

3 sources

In mid-2025, Secureworks CTU researchers uncovered a sophisticated cyber campaign by the BRONZE BUTLER group, exploiting a zero-day vulnerability in Motex LANSCOPE Endpoint Manager. This campaign, which has been ongoing for over a decade, targets specific organizations and government entities. The vulnerability, CVE-2025-61932, allows remote attackers to execute arbitrary commands with SYSTEM privileges. The group used advanced malware like Gokcpdoor and Havoc, alongside legitimate tools for reconnaissance and data exfiltration. International cybersecurity authorities quickly responded, highlighting the severity of the threat.

Also Read

Lampion Banking Trojan Evolves with New Social Engineering Tactics

A cybercriminal group has refined its malware campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, active since 2019, targets Portuguese-speaking banks and uses complex infection methods to evade detection. Researchers have noted significant tactical evolution, including the use of ClickFix lures and compromised email accounts. The infection chain involves multiple obfuscated Visual Basic script stages, with the final payload being a 700MB DLL file designed to evade analysis. The threat actors maintain sophisticated infrastructure to support their operations, demonstrating a commitment to stealth and evasion.

By Cyber Security News by CyberSum.netOctober 31, 2025 at 09:00 AM