SAP Zero – Frostbite: How Russian RaaS Actor Qilin Exploited CVE-2025-31324 Weeks Before its Public Disclosure

CVE-2025-31324 hit the security world like a tsunami – an easily exploitable SAP vulnerability affecting enterprise environments across the globe. But while most assumed its exploitation began post-disclosure, new evidence suggests otherwise.
During an incident response led by OP Innovate for a major global enterprise, we uncovered proof that this vulnerability was actively exploited nearly three weeks before it was made public. While recent articles point the finger towards China-Linked APTs, we identified communication with known Cobalt Strike C2 infrastructure and IP addresses linked directly to Qilin, a notorious Russian-speaking Ransomware-as-a-Service group.

Pulse ID: 682cc36c603a5683307d027d
Pulse Link: https://otx.alienvault.com/pulse/682cc36c603a5683307d027d
Pulse Author: AlienVault
Created: 2025-05-20 18:01:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#China #CobaltStrike #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RaaS #RansomWare #RansomwareAsAService #Russia #Vulnerability #bot #AlienVault

For the latest discoveries in cyber research for the week of 24th March, please check our Threat Intelligence Report:

https://research.checkpoint.com/2025/24th-march-threat-intelligence-report/

#CyberSecurity #Ransomware #ransomwareasaservice #vulnerability #patches

Moonstone Sleet's Shift to Ransomware-as-a-Service: A New Era in Cyber Threats

https://thedefendopsdiaries.com/moonstone-sleets-shift-to-ransomware-as-a-service-a-new-era-in-cyber-threats

#moonstonesleet
#ransomwareasaservice
#northkoreanhackers
#cybersecuritytrends
#qilinransomware

#Ransomware im LLM: Forscher füttern ChatGPT mit Daten der "#BlackBasta"-Bande | Security https://www.heise.de/news/Einblicke-in-Ransomware-Geschaeft-ChatGPT-kennt-Interna-von-Black-Basta-10290984.html #RansomwareAsAService #RAAS #DataLeak #Datenleck #Malware

📬 LockBit: Darknet-Site lässt auf neue Enthüllungen schließen
#Cyberangriffe #DarkCommerce #Lockbit #LockbitSupp #NationalCrimeAgency #OperationCronos #RansomwareasaService #vxuntergrund https://sc.tarnkappe.info/e731e4

📬 LockBit-Mitglied verurteilt: Vier Jahre Haft für Bandenmitglied
#Malware #Rechtssachen #Cyberkriminalität #FBI #Lockbit #LockBitRansomware #MichelleFuerst #MikhailVasiliev #RansomwareasaService https://sc.tarnkappe.info/f73233

📬 Täter gaben zu, den Epic Games Hack erfunden zu haben
#Cyberangriffe #Gaming #CyberDaily #EpicGames #Fortnite #Mogilevich #RansomwareasaService #RansomwareGang https://sc.tarnkappe.info/ac4731

FBI and CISA publish guide to Living off the Land techniques
https://www.malwarebytes.com/blog/news/2024/02/fbi-and-cisa-publish-guide-to-living-off-the-land-techniques #security #LOTL #cyberattack #china #russia #AdvancedPersistentThreat
#RansomwareAsAService

IT-Trends: Professionalisierung der Cyberkriminalität 2024 https://www.it-daily.net/it-sicherheit/cybercrime/professionalisierung-der-cyberkriminalitaet-in-2024 #CyberCrime #Malware #Ransomware #OpenSource #MaaS #RaaS #MalwareAsAService #RansomwareAsAService

📬 Malware as a Service (MaaS) im Darknet: Hintergründe und Bedrohungen
#Hintergrundberichte #Malware #AlexanderZabrovsky #Backdoors #Botnets #Cyberkriminalität #Infostealer #kaspersky #Loader #MalwareasaService #RansomwareasaService https://tarnkappe.info/artikel/it-sicherheit/malware/malware-as-a-service-maas-im-darknet-hintergruende-und-bedrohungen-276234.html

How LockBit Changed Cybersecurity Forever

LockBit put affiliates in charge of negotiations and payments. By doing so, trust was established and the fear of being swindled was removed. This shift, coupled with an improved ransomware product, made LockBit the preferred choice - the group is now responsible for almost half of all ransomware attacks worldwide

#lockbit #ABCD #RaaS #RansomwareAsAService #cybergangs #ransomware #malware #security #cybersecurity #hacking

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

#RansomwareAsAService
#Hive

U.S. Department of Justice Disrupts Hive Ransomware Variant

FBI Covertly Infiltrated Hive Network, Thwarting Over $130 Million in Ransom Demands

https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant

Cybercrime: Polizei zerschlägt Ransomware-Gruppe "Hive"
von Volker Briegleb

https://www.heise.de/news/Cybercrime-Polizei-zerschlaegt-Ransomware-Gruppe-Hive-7472192.html

#RansomwareAsAService
#Hive

U.S. Department of Justice Disrupts Hive Ransomware Variant

FBI Covertly Infiltrated Hive Network, Thwarting Over $130 Million in Ransom Demands

https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant

Cybercrime: Polizei zerschlägt Ransomware-Gruppe "Hive"
von Volker Briegleb

https://www.heise.de/news/Cybercrime-Polizei-zerschlaegt-Ransomware-Gruppe-Hive-7472192.html

📬 Hive-Ransomware-Group: Hacker-Netzwerk zerschlagen
#Cyberangriff #DarkCommerce #europol #HackerNetzwerk #HiveRansomwareGroup #KriminalpolizeidirektionEsslingen #PolizeipräsidentUdoVogel #RansomwareasaService #USJustizministerium https://tarnkappe.info/artikel/cyberangriff/hive-ransomware-group-hacker-netzwerk-zerschlagen-264221.html

📬 Emotet-Botnet verbreitet nun neue Ransomware
#Hacking #BlackCat #Botnetz #Conti #Cybercrime #Emotet #RansomwareasaService #Trojaner https://tarnkappe.info/artikel/hacking/emotet-botnet-verbreitet-nun-neue-ransomware-256043.html

📬 LockBit Ransomware erbeutet Daten italienischer Steuerzahler
#Hacking #Malware #BugBountyProgram #Hackerangriff #Lockbit #Lösegeldforderung #RansomwareAngriff #RansomwareasaService #RansomwareErpressung https://tarnkappe.info/artikel/hacking/lockbit-ransomware-erbeutet-daten-italienischer-steuerzahler-253068.html

📬 Lesetipps: Krieg der Waschmaschinen, Big Brother Awards
#Lesetipps #Anonymous #bigbrotherawards #MicrosoftSecurity #RansomwareasaService #StefanundSven #SuperAgent https://tarnkappe.info/lesetipps/lesetipps-krieg-der-waschmaschinen-big-brother-awards-242109.html