Friday, May 09, 2025 // (IG): BB // GITHUB // SN R&D
Chinese Threat Actor Chaya_004 Exploits SAP NetWeaver RCE Flaw (CVE-2025-31324) to Deploy Golang-Based SuperShell
Bottom Line Up Front (BLUF): Multiple threat actors, including a suspected Chinese group dubbed Chaya_004, are exploiting a critical SAP NetWeaver vulnerability (CVE-2025-31324, CVSS 10.0) to deploy web shells and post-exploitation tools such as SuperShell. The flaw allows remote code execution and is actively used in attacks against various industries worldwide.
Analyst Comments: The emergence of Chaya_004 and its use of Golang-based tooling indicates a shift toward more flexible and evasive cross-platform payloads. While the vulnerability is already patched, exploitation continues against unpatched systems, highlighting both patching lag and threat actor adaptability. Integrating tools like Cobalt Strike, SoftEther VPN, and GOSINT signals a well-resourced group capable of executing reconnaissance, lateral movement, and persistence. Organizations running SAP environments must act quickly to mitigate risk and continuously monitor for residual web shell activity post-patch.
FROM THE MEDIA: First identified by ReliaQuest and confirmed in widespread use by Onapsis and Mandiant, attacks began as early as March and have affected sectors including energy, pharmaceuticals, and government. Chaya_004 has deployed a Golang reverse shell named SuperShell from a China-based IP address, using infrastructure and hosting tools like SoftEther VPN, ARL, and Pocassist. The attackers impersonated Cloudflare certificates to evade detection. SAP has issued patches, and security experts urge immediate application, endpoint monitoring, and service restrictions as mitigation steps.
READ THE STORY: THN
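The analyst comment above asks SAP operators to keep watching for residual web shell activity after the patch is applied. The following is an added example, not code from the original story or from any vendor named in it: a small Python hunt that walks a directory tree and scores JSP sources for the shapes web shells typically carry, such as a request parameter flowing into Runtime.exec. The root path, the file extensions and the indicator patterns are assumptions chosen for this illustration, not SAP-specific locations; the two sample pages are constructed inline.

```python
import os
import re
import time
from typing import List, Tuple

# Indicator patterns commonly seen in Java/JSP web shells. Constructed for this
# example; tune them against your own application's legitimate code.
INDICATORS = {
    "runtime-exec": re.compile(r"Runtime\.getRuntime\(\)\.exec\s*\("),
    "process-builder": re.compile(r"new\s+ProcessBuilder\s*\("),
    # a request parameter and an exec call within a short distance of each other
    "param-to-exec": re.compile(
        r"request\.getParameter\s*\([^)]*\)[\s\S]{0,200}?(exec|ProcessBuilder)|"
        r"(exec|ProcessBuilder)[\s\S]{0,200}?request\.getParameter\s*\("),
    "reflective-load": re.compile(r"(Class\.forName|defineClass)\s*\("),
    "base64-decode": re.compile(r"Base64\.(getDecoder|decodeBase64)"),
    "raw-file-write": re.compile(r"new\s+FileOutputStream\s*\(\s*request\."),
}


def score_jsp_source(text: str) -> List[str]:
    """Return the names of the indicators that match, in dictionary order."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]


def hunt(root: str, newer_than: float,
         exts: Tuple[str, ...] = (".jsp", ".jspx")) -> List[Tuple[str, List[str]]]:
    """Walk root and report files with a watched extension, modified after
    newer_than (epoch seconds), that hit at least one indicator."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if st.st_mtime < newer_than:
                    continue
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue   # unreadable or vanished between walk and open
            found = score_jsp_source(text)
            if found:
                hits.append((path, found))
    return sorted(hits)


# Constructed samples: an ordinary page, and a fragment with the classic
# parameter-to-exec shape used here only as detection test data.
BENIGN_JSP = """<%@ page contentType="text/html" %>
<html><body><h1>Status: <%= application.getAttribute("status") %></h1></body></html>
"""
SUSPICIOUS_JSP = """<%@ page import="java.io.*" %>
<% String c = request.getParameter("cmd");
   Process p = Runtime.getRuntime().exec(c);
   BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream())); %>
"""

if __name__ == "__main__":
    print("benign:", score_jsp_source(BENIGN_JSP))
    print("suspicious:", score_jsp_source(SUSPICIOUS_JSP))
    # On a live tree (the path is an assumption): everything touched in the last 30 days.
    for path, found in hunt("/srv/app/webroot", time.time() - 30 * 86400):
        print(path, found)
```

The mtime filter is what makes this useful after a patch: a page that matches one indicator and was written last week deserves a look, while the same pattern in a file that has been unchanged since the application was installed is usually a known component. Compare matches against the deployment's own manifest before treating them as findings.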
FBI Warns Hackers Are Exploiting End-of-Life Routers to Obscure Cyberattack Origins
Bottom Line Up Front (BLUF): The FBI has issued a security advisory warning that threat actors increasingly leverage end-of-life (EOL) routers to mask their identity and launch attacks against critical U.S. infrastructure. Cybercriminal services such as 5Socks and Anyproxy are incorporating these unsupported devices into global botnets and proxy networks.
Analyst Comments: These devices, lacking updates or vendor support, serve as ideal covert entry points and relay stations for cybercriminals. With malware embedded in router firmware and remote administration features commonly left exposed, they offer attackers persistence and stealth. Organizations must urgently audit their network assets, replace deprecated hardware, and implement network segmentation to contain threats.
FROM THE MEDIA: The FBI issued a public advisory revealing a surge in cyberattacks exploiting obsolete routers no longer receiving firmware updates. These devices are being compromised and repurposed into proxy networks used to anonymize malicious activity, such as attacks on critical infrastructure. Models named include Linksys E1200, E2500, WRT320N, and E4200. Once infected, the routers host persistent malware connected to remote command-and-control servers. Detection is difficult, as standard antivirus solutions often do not scan router firmware. The FBI advises replacing EOL routers or, at a minimum, disabling remote access features and rebooting devices regularly to reduce risk.
READ THE STORY: GBhacker
US Sanctions Disrupt Chinese Refiners' Operations Over Iranian Oil Trade
Bottom Line Up Front (BLUF): Recent US sanctions targeting two Chinese "teapot" refiners—Shandong Shouguang Luqing Petrochemical and Shandong Shengxing Chemical—have significantly disrupted their ability to import and process Iranian crude oil. These measures have triggered operational challenges, deterred other refiners, and widened discounts on Iranian Light crude as Beijing balances trade interests with US pressure.
Analyst Comments: The US Treasury’s sanctions are part of a broader strategy to economically isolate Iran and force nuclear negotiations by pressuring its main oil customer—China. The disruption to Shandong-based refiners demonstrates how secondary sanctions can have ripple effects across supply chains, financing, and port operations. This also signals a tightening compliance environment in China's energy sector, particularly as other independent refiners reassess Iranian crude purchases. While China opposes unilateral US sanctions, operational risk may now outweigh the cost advantages of sanctioned oil, likely prompting a temporary shift to alternative sources.
FROM THE MEDIA: US sanctions imposed in March and April on two small Chinese independent refiners for importing Iranian oil have forced them to reroute shipments, change sales channels, and face financing hurdles. Shandong Port Group reportedly denies tanker access, forcing rerouting to private terminals. Financial institutions and major crude suppliers like CNOOC have distanced themselves, cutting ties and halting shipments. The sanctioned firms, Luqing and Shengxing, have used new sales entities to bypass restrictions. Meanwhile, at least five other independent refiners in Shandong have ceased Iranian oil purchases due to fear of secondary sanctions, leading to broader disruption in regional oil trading practices.
READ THE STORY: Reuters
US Lawmakers Urge DHS to Assess Chinese SIGINT Threat from Cuba
Bottom Line Up Front (BLUF): A group of U.S. lawmakers is demanding a classified threat assessment from the Department of Homeland Security (DHS) on China’s growing intelligence operations in Cuba, including four suspected signals intelligence (SIGINT) facilities potentially targeting U.S. critical infrastructure and military installations. The request reflects mounting concern over China's asymmetric surveillance capabilities 90 miles from U.S. shores.
Analyst Comments: This bipartisan call for transparency and action signals an escalation in congressional focus on Chinese cyber and electronic intelligence activities in the Western Hemisphere. Using Cuban territory for geospatial and electromagnetic surveillance presents significant homeland security implications, particularly with Chinese tech firms like Huawei and ZTE involved in local infrastructure. These installations could serve as forward-operating nodes for cyber espionage, command-and-control operations, or even peacetime SIGINT collection targeting sensitive U.S. communications. Coordination between DHS, DoD, and the Intelligence Community will be essential to countering this threat vector and mitigating exposure of U.S. critical infrastructure.
FROM THE MEDIA: The lawmakers cited evidence of at least four Chinese-linked SIGINT facilities, with operational activity reported at sites like Bejucal, Wajay, and Calabazar. These facilities are in proximity to high-value U.S. assets, including Guantánamo Bay and Cape Canaveral, potentially enabling surveillance of U.S. defense and aerospace operations. Lawmakers also referenced testimony from General Dan Caine, who confirmed PRC malware activity across Latin America. The letter calls for detailed DHS insights into surveillance risks, infrastructure upgrades, interagency coordination, and efforts to warn U.S. industries. The growing China-Cuba alliance, bolstered by billions in investment and telecom deals with Huawei and ZTE, further amplifies national security concerns.
READ THE STORY: Industrial
Baidu Files Patent for AI System to Translate Animal Sounds into Human Language
Bottom Line Up Front (BLUF): Chinese tech giant Baidu has filed a patent to develop an AI-powered system capable of translating animal vocalizations into human language. The proposed technology uses multimodal data—including sound, behavior, and physiology—to interpret emotional states and semantic meaning from animal communication.
Analyst Comments: This patent represents a novel fusion of AI, behavioral science, and signal processing to bridge the human-animal communication gap. While still in the research phase, such innovation could open new consumer technology, veterinary science, and animal training markets. However, the practical challenges of accurately interpreting cross-species emotional and semantic signals remain significant. If commercialized, Baidu’s system could pioneer a new subfield of affective computing, potentially with ethical, privacy, and security implications should similar models be applied to surveillance or human emotion analysis.
FROM THE MEDIA: Baidu filed the patent with China's National Intellectual Property Administration, detailing a system that combines audio recordings, behavioral patterns, and physiological signals to interpret animal emotions and translate them into human language. The technology would analyze and map emotional data into semantically meaningful phrases. The announcement has sparked significant interest on Chinese social media, with some expressing excitement about understanding pets and others questioning real-world feasibility. Baidu noted the project is still in the research phase and did not commit to a product release timeline. Similar efforts by international research groups, such as Project CETI and the Earth Species Project, are already underway globally to decode animal communication using AI.
READ THE STORY: Reuters
RCE Vulnerability in Ubiquiti UniFi Protect Cameras Threatens Global Surveillance Networks
Bottom Line Up Front (BLUF): A critical flaw (CVE-2025-23123) in Ubiquiti UniFi Protect Camera firmware allows remote code execution (RCE) with a CVSS score of 10.0, exposing over 1.2 million devices to hijacking. A secondary flaw (CVE-2025-23164) in the UniFi Protect Application compromises livestream privacy through improperly revoked access tokens.
Analyst Comments: Given that the RCE vector requires no user interaction and the vulnerability resides at the network level, attackers with lateral access could weaponize cameras for deeper infiltration. While less critical, the misconfigured livestream token revocation issue highlights a trend in poor session and permission management across IoT surveillance platforms. This incident emphasizes the need for rigorous patching, network segmentation, and adherence to zero-trust principles as IoT-driven surveillance expands.
FROM THE MEDIA: The first, CVE-2025-23123, is a heap buffer overflow in camera firmware versions 4.75.43 and earlier that can be exploited remotely to execute arbitrary code without authentication. The second, CVE-2025-23164, affects the UniFi Protect Application and stems from ineffective revocation of livestream sharing tokens, allowing continued access even after links are disabled. Researcher Mathew Marcus discovered the firmware flaw, while Mike S. Schonert reported the application-level issue. Ubiquiti has issued patches in firmware version 4.75.62 and Protect App version 5.3.45. The company advises urgent updates and temporary feature deactivation to reduce exposure.
READ THE STORY: GBhackers
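Continued access after a share link is "disabled", the second flaw described above, is a revocation-check problem rather than a cryptographic one. The following added example is not Ubiquiti's code and does not reproduce UniFi Protect; the store classes, the token format and the camera identifiers are assumptions constructed for the illustration. It places the weak pattern (disabling only removes the link from the owner's list) next to a hardened store whose access check consults revocation and expiry on every request.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass
class ShareLink:
    token_hash: str      # SHA-256 of the bearer token; the raw token is never stored
    camera_id: str
    expires_at: float
    revoked: bool = False


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class WeakShareLinkStore:
    """The failure mode described above: 'disabling' a link only hides it in the
    owner's list, and the access check never consults that state."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock                       # injectable for testing expiry
        self._links: Dict[str, ShareLink] = {}    # token_hash -> link
        self._listed = set()                      # hashes still shown in the UI

    def create(self, camera_id: str, ttl_seconds: int = 3600) -> str:
        token = secrets.token_urlsafe(32)
        h = _digest(token)
        self._links[h] = ShareLink(h, camera_id, self._clock() + ttl_seconds)
        self._listed.add(h)
        return token

    def disable(self, token: str) -> None:
        # Bug: the link disappears from the management view, but nothing marks it invalid.
        self._listed.discard(_digest(token))

    def listed(self) -> int:
        return len(self._listed)

    def can_view(self, token: str, camera_id: str) -> bool:
        link = self._links.get(_digest(token))
        return (link is not None
                and link.camera_id == camera_id
                and self._clock() < link.expires_at)


class HardenedShareLinkStore(WeakShareLinkStore):
    """Revocation is part of the access decision: a revoked or expired link
    fails closed no matter what the UI shows."""

    def disable(self, token: str) -> None:
        self.revoke(token)

    def revoke(self, token: str) -> None:
        link = self._links.get(_digest(token))
        if link is not None:
            link.revoked = True
        self._listed.discard(_digest(token))

    def revoke_all_for_camera(self, camera_id: str) -> int:
        """Unsharing a camera must invalidate every outstanding link for it."""
        n = 0
        for link in self._links.values():
            if link.camera_id == camera_id and not link.revoked:
                link.revoked = True
                self._listed.discard(link.token_hash)
                n += 1
        return n

    def can_view(self, token: str, camera_id: str) -> bool:
        link = self._links.get(_digest(token))
        return (link is not None
                and not link.revoked
                and link.camera_id == camera_id
                and self._clock() < link.expires_at)


if __name__ == "__main__":
    weak = WeakShareLinkStore()
    t = weak.create("cam-1")
    weak.disable(t)
    print("weak store still honours a disabled link:", weak.can_view(t, "cam-1"))
    hard = HardenedShareLinkStore()
    t = hard.create("cam-1")
    hard.disable(t)
    print("hardened store honours a disabled link:", hard.can_view(t, "cam-1"))
```

The design point is that the UI list and the authorization check must read the same state. Storing only a hash of the token keeps a database leak from yielding usable links, and the injectable clock lets expiry be tested without sleeping.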
U.S. Tariffs Slash China’s Exports to America as Southeast Asia Trade Surges
Bottom Line Up Front (BLUF): China’s exports rose 8.1% in April 2025 despite a 21% plunge in shipments to the U.S. Trade with Southeast Asian nations surged nearly 21%, mitigating the impact of new U.S. tariffs. China and the U.S. have imposed triple-digit duties on each other’s goods, accelerating a shift in global trade patterns and triggering concerns over domestic deflation and job losses in China.
Analyst Comments: Beijing’s rerouting of exports to ASEAN markets is a tactical response to Washington’s punitive tariffs. However, it may not be sustainable if deflationary pressures deepen and domestic demand falters. The trade war is increasingly shaping macroeconomic outcomes and digital infrastructure risks, particularly for supply chains relying on Chinese hardware. Watch for further retaliation or regulatory shifts affecting cross-border tech operations, including cyber and semiconductor industries.
FROM THE MEDIA: Imports from the U.S. also fell nearly 14%. Analysts believe the strong overall export figures were buoyed by a 20.8% increase in shipments to the Association of Southeast Asian Nations (ASEAN), with notable export growth to Indonesia and Thailand. China’s trade with the EU also saw modest export growth of 8.3% despite falling imports. Amid the tariff pressures, China is reportedly stepping up fiscal and monetary stimulus and redirecting exports to its domestic market, potentially worsening ongoing deflation. Talks scheduled in Switzerland between U.S. and Chinese officials are raising hopes for a phased tariff rollback, though a comprehensive resolution remains unlikely in the near term.
READ THE STORY: CNBC
Azure Blob Storage Utility Vulnerability Enables Local Privilege Escalation to Root on Linux VMs
Bottom Line Up Front (BLUF): Varonis Threat Labs disclosed a local privilege escalation flaw in the AZNFS-mount utility shipped on Azure Linux VMs built for AI and HPC workloads. Its SUID binary, mount.aznfs, preserved user-controlled environment variables (notably BASH_ENV) when invoking a shell script, letting a local attacker run arbitrary commands as root. Microsoft rated the flaw low severity because local access is required and fixed it in version 2.0.11.
Analyst Comments: Misconfigured SUID binaries, especially those tied to critical data-handling utilities, remain a recurring risk in Linux systems. The flaw could enable attackers to compromise containers or escalate lateral movement in multitenant environments. The vulnerability highlights the importance of auditing pre-installed cloud tools and maintaining a zero-trust posture within shared compute resources.
FROM THE MEDIA: Varonis Threat Labs identified a critical privilege escalation flaw in the Azure AZNFS-mount utility in Azure Linux VMs designed for AI and HPC workloads. The utility, meant to simplify access to Blob Storage via NFS, included a SUID binary (mount.aznfs) that incorrectly preserved user-controlled environment variables when invoking a shell script. By exploiting the BASH_ENV variable, a local attacker could trigger arbitrary command execution as root. Microsoft assigned the flaw a low severity rating due to the local-access requirement, but released a fix in version 2.0.11. Users are urged to update immediately and audit systems for similar misconfigurations.
READ THE STORY: GBhackers
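The mechanism in the story, a SUID binary handing a user-controlled BASH_ENV through to a shell script, and the closing advice to audit systems for similar misconfigurations are illustrated below with an added Python example. It is not Microsoft's or Varonis's code and does not reproduce AZNFS-mount; the helper script path, the environment allowlist and the SUID baseline are assumptions chosen for the illustration. It shows the invocation pattern a privileged wrapper should use (absolute interpreter, allowlisted environment, pinned PATH) next to a scan that flags set-id files outside an expected baseline.

```python
import os
import stat
from typing import Dict, List, Optional, Sequence, Tuple

# Variables that change what a shell or the dynamic loader does before the
# target's own code runs. Constructed list for this example; extend it for
# whatever interpreters your helpers use.
DANGEROUS_ENV = {
    "BASH_ENV", "ENV", "SHELLOPTS", "BASHOPTS", "PS4", "IFS", "CDPATH",
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "PYTHONPATH", "PERL5LIB",
}
INHERIT_OK = {"HOME", "LANG", "LC_ALL", "TERM", "TZ"}   # the little a helper script legitimately needs
SAFE_PATH = "/usr/sbin:/usr/bin:/sbin:/bin"


def sanitize_env(env: Dict[str, str]) -> Dict[str, str]:
    """Allowlist, not denylist: keep only known-harmless variables and pin PATH."""
    clean = {k: v for k, v in env.items() if k in INHERIT_OK and k not in DANGEROUS_ENV}
    clean["PATH"] = SAFE_PATH   # never trust an inherited PATH in a privileged context
    return clean


def build_privileged_invocation(script: str, args: Sequence[str],
                                env: Dict[str, str]) -> Tuple[List[str], Dict[str, str]]:
    """argv and env a privileged wrapper should hand to a helper script:
    absolute interpreter, script as a positional argument, sanitized environment."""
    if not os.path.isabs(script):
        raise ValueError("helper script must be given by absolute path")
    return ["/bin/bash", script, *args], sanitize_env(env)


# Set-id files a reviewer expects on one image. Constructed baseline; derive
# yours from a clean build of the same image.
EXPECTED_SETID = {
    "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/passwd", "/usr/bin/chsh", "/usr/bin/chfn",
    "/usr/bin/gpasswd", "/usr/bin/newgrp", "/usr/bin/mount", "/usr/bin/umount",
}


def classify_setid(path: str, mode: int, head: bytes) -> Optional[str]:
    """Label a set-id file, or return None when it matches the baseline."""
    if not mode & (stat.S_ISUID | stat.S_ISGID):
        return None
    if head.startswith(b"#!"):
        return "script-with-setid-bit"      # the kernel ignores it, but it is still a misconfiguration
    if path not in EXPECTED_SETID:
        return "unexpected-setid-binary"
    return None


def scan_setid(root: str) -> List[Tuple[str, str]]:
    """Walk root and return (path, label) for every set-id file worth a look."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4)
            except OSError:
                head = b""
            label = classify_setid(path, st.st_mode, head)
            if label:
                findings.append((path, label))
    return sorted(findings)


if __name__ == "__main__":
    argv, env = build_privileged_invocation("/opt/helper/run.sh", ["--mount"], dict(os.environ))
    print(argv, env)
    for path, label in scan_setid("/usr/bin"):
        print(label, path)
```

The kernel ignores set-id bits on interpreted scripts, so a Python file cannot itself be the SUID wrapper; sanitize_env states the policy a native wrapper (or a call to a shell from one) should apply, which is to start from an empty environment and add back only what the helper needs. The scan is most useful diffed against the output from a freshly built image of the same VM type.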
Items of interest
US Retains AI Leadership Over China Despite R1 Breakthrough, Insikt Group Finds
Bottom Line Up Front (BLUF): China remains behind the US in overall artificial intelligence (AI) capabilities despite its recent advancements, including the release of the DeepSeek R1 model in early 2025. According to Insikt Group’s comprehensive assessment, China’s AI ecosystem lags in funding, talent, hardware, and diffusion capacity. However, it continues to close the gap through open-source innovation, government-backed investments, and aggressive industrial policy.
Analyst Comments: While the release of DeepSeek R1 marked a symbolic "Sputnik moment," Insikt’s analysis tempers fears of imminent AI supremacy by China. The US still leads private sector investment, access to elite talent, computing infrastructure, and core innovation. However, China's emphasis on diffusion, particularly via open-source distribution, and resilience in the face of export controls suggests a long-term competitive trajectory. Strategic risks remain, especially as China leverages economic espionage, regulatory advantages, and a state-aligned AI development model. The AI race is no longer solely about frontier models but national capacity to implement and operationalize them at scale.
FROM THE MEDIA: Despite China’s goal to lead in AI by 2030 and its January 2025 release of the DeepSeek R1 model — which caused a historic market loss for Nvidia — Insikt assesses that the US still leads in nearly all critical AI development pillars. These include venture capital funding, elite talent pools, hardware capabilities, and regulatory flexibility. China, however, is closing the performance gap and leads in generative AI patent filings. It also benefits from a synergistic collaboration between government, academia, and private companies, and is aggressively investing in its semiconductor capabilities to reduce reliance on US technologies. The report warns that the true battleground may be in AI diffusion, not just innovation, and urges Western entities to strengthen IP protections, export compliance, and global talent strategies.
READ THE STORY: RecordedFuture
We Investigated China’s Silicon Valley (It's Not What We Expected) (Video)
FROM THE MEDIA: What we saw was beyond anything we expected: Robots running hotels, EV adoption so widespread that gas cars are nearly extinct, AI integrated into factories, streets, and classrooms. Our trip broke a lot of the biases and myths we had about China.
Yuval Noah Harari: This Election Will Tear The Country Apart! AI Will Control You By 2034! (Video)
FROM THE MEDIA: Yuval Noah Harari is a best-selling author, public intellectual and Professor of History at the Hebrew University of Jerusalem. He is the author of multi-million bestseller books such as ‘Sapiens: A Brief History of Humankind’ and ‘Homo Deus: A Brief History of Tomorrow’.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.