In 2025, researchers identified a cyberattack by the Chinese state-backed BRONZE BUTLER group that exploited a zero-day vulnerability in Motex LANSCOPE Endpoint Manager to infiltrate corporate networks and steal sensitive data. The incident adds to the group's history of exploiting vulnerabilities in Japanese software; it previously targeted SKYSEA Client View in 2016. The Japan Computer Emergency Response Team and the U.S. Cybersecurity Agency quickly responded to the LANSCOPE vulnerability, highlighting its severity. The flaw, CVE-2025-61932, allows attackers to execute commands with SYSTEM-level privileges, facilitating unauthorized control and data theft. Attackers used OAED Loader malware to conceal their activities and exfiltrated data using cloud services. The BRONZE BUTLER group also deployed Gokcpdoor malware, which shows significant advancements since 2023, and used various tools for reconnaissance and lateral movement. Organizations are urged to patch systems promptly and review network exposures.

