www.securityweek.com 2/24/2026, 12:11:21 PM

Chinese APTs exploited CVE-2024-7694 in ThreatSonar security tool

CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Patch Status Unknown
Threat Actor: Chinese APT(s)

According to SecurityWeek, Taiwan-based TeamT5 has confirmed that the vulnerability recently added by CISA to its Known Exploited Vulnerabilities (KEV) catalog was likely exploited by Chinese threat actors. The flaw, CVE-2024-7694, enables an attacker with admin privileges to upload malicious files, potentially allowing arbitrary command execution on the server, and was fixed in August 2024.

TeamT5 noted that attacks exploiting CVE-2024-7694 occurred in 2024 and targeted only a few customers, who were notified and helped with patching and mitigations. In a blog post this week, the company said the exploitation was part of a highly coordinated and targeted attack aimed at high-profile customers, with the threat actor investing significant resources to find a vulnerability in ThreatSonar.

TeamT5 now reports that the exploitation was likely a supply chain attack conducted by Chinese APTs it tracks as Slime57 and Slime62, using hundreds of IP addresses—mostly compromised devices in Taiwan—to conceal their identity, and added that all customers were updated in 2024.

Article by CyberSIXT