doops. Member Jun 3, 2020 5,141 Many thanks to MoonlitSeer for the more accurate screenshots taken from Twitter. You can cross-reference these with his account on there for yourself. I won't be linking to it here, since it's (rightfully so) a banned source. Apparently also, Twitter now only shows a selection of follows, so the original screenshot from Reddit may well still be accurate, but this one is at least more verifiable currently.   Savinowned Member Oct 25, 2017 1,493 Nashville, TN That's a bummer. Do we have any history of him saying sketchy stuff? I loved the last rematch beta and was excited to play the upcoming one next weekend   MoonlitSeer Fallen Guardian Member Jun 9, 2023 1,977 I'll just add that I was in the process of cross-referencing these with the prior post when the topic was locked. I personally checked all of the ones listed here and can verify they are accurate as of about 30 minutes prior from the time of this post.   Rosebud Two Pieces Member Apr 16, 2018 51,258 .   OP OP doops. Member Jun 3, 2020 5,141 MoonlitSeer said: I'll just add that I was in the process of cross-referencing these with the prior post when the topic was locked. I personally checked all of the ones listed here and can verify they are accurate as of about 30 minutes from the time of this post. Click to expand... Click to shrink... Appreciate you! ❤️  CaptainFreud Banned Aug 19, 2022 8 User banned (permanent): Troll account Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests.   skillzilla81 "This guy are sick" The Fallen Oct 25, 2017 11,316 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... Good for you.  Nocturne Member Oct 25, 2017 2,217 thanks for the heads-up. know a couple people who sounded interested in this game who'd probably wanna know about something like this.   Firmus_Anguis AVALANCHE Member Oct 30, 2017 8,491 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... That's all you got? Ya'll are getting so incredibly predictable. Just report and move on, people. Incoming permaban.  Qwark Member Oct 27, 2017 10,251 Incredibly disappointing. Another one to avoid.   DanDanderson Member May 7, 2024 298 As a general note, this is not only the creative director but also a co-founder of the studio. MoonlitSeer said: I'll just add that I was in the process of cross-referencing these with the prior post when the topic was locked. I personally checked all of the ones listed here and can verify they are accurate as of about 30 minutes prior from the time of this post. Click to expand... Click to shrink... Same. The original screenshot is accurate. You don't see all followers on Twitter, and the ones you do see change - it's not a static list. He does follow all the people in the original screenshot including RadioGenoa and Grummz.  Bricks "This guy are sick" Member Nov 6, 2017 746 Well, I got Sifu for free from the Epic Games Store, so... that's fine, I guess? Who am I kidding, I'll never have time to play it anyway.   JoeInky Member Oct 25, 2017 4,075 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... Ok and? There are 100s of games released every day, why are people like you constantly so bothered about the idea that people might skip one of those games for ideological reasons?  Eevea Member Sep 23, 2022 485 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... It's not a "purity test", it's a decency test. When it comes to the matter of real people's lives, it's not an "opinion", it's not "politics". Just because you can overlook shitty people doesn't mean everyone has that luxury.  Buttonbasher Member Dec 4, 2017 5,752 Thanks for the heads up. Will avoid.   GTOAkira Member Sep 1, 2018 13,401 Not afraid to defend my country lmao Following that first account is enough to show what kind of person he is.  DrScruffleton Member Oct 26, 2017 14,889 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... Messages: 8 Joined: 2022  OP OP doops. Member Jun 3, 2020 5,141 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... the irony of having your pronouns under your name and saying dumb shit like this. go back to r/reseterainaction you rat  Sande Member Oct 25, 2017 7,176 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... Congrats for not caring...? Like yeah, there's all kinds of people working in games but not all of them broadcast where they stand like this. And this is in a leadership position.  Zigludo Member Aug 17, 2020 59 CaptainFreud said: Unless he's actively reposting and sharing anti-trans or genocidal rhetoric, I really don't care. News flash: the people that make the games you play have a variety of backgrounds and won't always ace your purity tests. Click to expand... Click to shrink... Nice alt account you got there.   METAL GEAR REX Member Jun 11, 2023 2,550 Edit: I regret ever asking questions on here.   Last edited: 10 minutes ago TheCat Member Dec 20, 2023 917 Eevea said: It's not a "purity test", it's a decency test. When it comes to the matter of real people's lives, it's not an "opinion", it's not "politics". Just because you can overlook shitty people doesn't mean everyone has that luxury. Click to expand... Click to shrink... Aren't you literally playing the new Doom Game? You know who sees your money, right?  Fat4all Woke up, got a money tag, swears a lot Member Oct 25, 2017 107,533 here turns out Twitter is a shit website that doesn't accurately show followers, who knew   JoeInky Member Oct 25, 2017 4,075 doops. said: the irony of having your pronouns under your name and saying dumb shit like this. go back to r/reseterainaction you rat Click to expand... Click to shrink... I genuinely believe some people set up their pronouns just to mock the concept and not because they want people to respect their identity, like that guy who got banned in one of the offtopic threads with an LGBT flag avatar spouting a bunch of bigoted shit  Kudo Member Oct 25, 2017 4,300 Wait, following? Am I missing something here?   RomanceDawn Teacher of Superheroines Member Oct 29, 2017 1,240 Los Angeles I know some of the martial artists who worked on this game. Good people who completely align themselves with much of this board. The world isn't so black and white. In all that you love you will find something you hate, and in all that you hate you will find something you love.  Fat4all Woke up, got a money tag, swears a lot Member Oct 25, 2017 107,533 here love all the folks coming out of the woodwork to defend following anti-trans bigots very organized  Eevea Member Sep 23, 2022 485 TheCat said: Aren't you literally playing the new Doom Game? You know who sees your money, right? Click to expand... Click to shrink... As far as I know, Hugo Martin is not a bigot.  MoonlitSeer Fallen Guardian Member Jun 9, 2023 1,977 DanDanderson said: As a general note, this is not only the creative director but also a co-founder of the studio. Same. The original screenshot is accurate. You don't see all followers on Twitter, and the ones you do see change - it's not a static list. He does follow all the people in the original screenshot including RadioGenoa and Grummz. Click to expand... Click to shrink... Yea, and you can also follow the account to verify who they follow by visiting, since it will show on those pages. For example: You can see here he follows Grummz (taken just now).  Ultrapop Member Aug 19, 2022 206 R’lyeh Fat4all said: love all the folks coming out of the woodwork to defend following anti-trans bigots very organized Click to expand... Click to shrink... Funny how bigots always get the benefit of the doubt, huh?  Kyuuji The Favonius Fox Member Nov 8, 2017 38,393 Rowling's twitter feed is just wall to wall the vilest transphobia, and has been for years. If you didn't want to see it, you wouldn't be following her.   JoeInky Member Oct 25, 2017 4,075 The three genres of dismissive posts in these types of threads: "And yet you participate in society" "What about the poor workers at the studio who aren't bigots? It's not fair on them to skip the game just because of a little thing like this!" "The game looks great! Anyone else looking forward to it too?"  sillyGecko Member Mar 14, 2025 1,551 DanDanderson said: Same. The original screenshot is accurate. You don't see all followers on Twitter, and the ones you do see change - it's not a static list. He does follow all the people in the original screenshot including RadioGenoa and Grummz. Click to expand... Click to shrink... Are you sure? I refreshed it multiple times and it was always the same, didn't see grummz and what not. Either way the current list are people I saw and aren't great of course Edit: Saw the picture up above, very strange how the following list doesn't show everyone  Last edited: 5 minutes ago Fat4all Woke up, got a money tag, swears a lot Member Oct 25, 2017 107,533 here Kyuuji said: Rowling's twitter feed is just wall to wall the vilest transphobia, and has been for years. If you didn't want to see it, you wouldn't be following her. Click to expand... Click to shrink... 💯   Fat4all Woke up, got a money tag, swears a lot Member Oct 25, 2017 107,533 here sillyGecko said: Are you sure? I refreshed it multiple times and it was always the same, didn't see grummz and what not. Either way the current list are people I saw and aren't great of course Click to expand... Click to shrink... scroll up   EvilBoris Prophet of Truth - HDTVtest Verified Oct 29, 2017 18,082 Is it possible to follow these people just so you can see what dumb shit they are saying and be involved in refuting their awful views? Lots of people follow Elon Mush and Donald Trump and hate them. Personally I wouldn't , I'd rather not see it, but I know other people feel more strongly about that. Or is this person agreeing with them in public?  thirtypercent Member Oct 18, 2018 746 Rosebud said: I draw the line at Thomas Mahler Click to expand... Click to shrink... When not even the worst person on a list already makes you instabarf all over the place ....  Friendly Bear Member Jan 11, 2019 3,955 I Don’t Care Where (Just Far) That's really disappointing. Really disappointing. I'm not surprised anymore when someone is revealed as Chud or Chud adjacent, but it still disappoints me. I don't expect everyone to share my opinions, but I think it's reasonable to be critical of someone who is a fan of omega bigots. EvilBoris said: Is it possible to follow these people just so you can see what dumb shit they are saying and be involved in refuting their awful views? Lots of people follow Elon Mush and Donald Trump and hate them. Personally I wouldn't , I'd rather not see it, but I know other people feel more strongly about that. Or is this person agreeing with them in public? Click to expand... Click to shrink... I mean, it's possible. But that list seems pretty deliberate.  sillyGecko Member Mar 14, 2025 1,551 EvilBoris said: Is it possible to follow these people just so you can see what dumb shit they are saying and be involved in refuting their awful views? Lots of people follow Elon Mush and Donald Trump and hate them. Personally I wouldn't , I'd rather not see it, but I know other people feel more strongly about that. Or is this person agreeing with them in public? Click to expand... Click to shrink... Also possible, it's why a lot of people used to have "likes arent an endorsement" in their bio when they would like something to bookmark it for later. Hard to say   Kudo Member Oct 25, 2017 4,300 I guess it is suspicious, following Trump etc. I'd understand for "news" but Grummz and Rowling tweets are wild.   Fat4all Woke up, got a money tag, swears a lot Member Oct 25, 2017 107,533 here Ultrapop said: Funny how bigots always get the benefit of the doubt, huh? Click to expand... Click to shrink... gotta bend over backwards so far their heads touch the ground   BabyDontHurtMe Member Dec 9, 2018 30,854 New Jersey There are plenty of games that aren't made by dipshits so it's good to know which games that are. It's not that complicated why these threads exist, especially in this day and age. If you don't care then more power to you, but that's not the point of these threads lol   Gotchaforce Member Oct 31, 2017 6,634 I really want to play Sifu (I love martial arts games) but I'm also happy to not support shitheads.   CandySTX Member Mar 17, 2018 1,988 Scotland Can't un-buy Sifu years ago, but can certainly avoid them in the future. Thanks for the heads up.  niccoolnic Member Nov 20, 2020 1,240 Salt Lake City, UT We're still doing "is a follow an endorsement" deflections in 2025 huh? Yeah fuck this guy.  Adulfzen Member Oct 29, 2017 3,955 Eevea said: As far as I know, Hugo Martin is not a bigot. Click to expand... Click to shrink... ID Tech is owned by Microsoft and Microsoft (which includes Xbox) is officially part of the BDS list https://bdsmovement.net/microsoft Microsoft is perhaps the most complicit tech company in Israel's illegal apartheid regime and ongoing genocide against 2.3 million Palestinians in Gaza. Microsoft's complicity in Israel's apartheid and genocide is well documented, exposing its strong ties to the Israeli military, its collaboration with Israeli government ministries, and its involvement in the Israeli prison system, which is notorious for systematic torture and abuse of Palestinians. Microsoft knowingly provides Israel with technology, including artificial intelligence (AI), that is deployed to facilitate grave human rights violations, war crimes, crimes against humanity (including apartheid), as well as genocide. In light of the International Court of Justice's legally-binding rulings to prevent Israel's plausible genocide in Gaza, as well as its July 19 Advisory Opinion affirming Israel's illegal occupation and apartheid system, Microsoft has failed its corporate obligation to prevent genocide, war crimes and crimes against humanity. Microsoft, as well as its boards of directors and executives, may face criminal liability for this complicity. Click to expand... Click to shrink... Hugo Martin being a bigot would be irrelevant in this case if you care about the genocide.  OP OP doops. Member Jun 3, 2020 5,141 EvilBoris said: Is it possible to follow these people just so you can see what dumb shit they are saying and be involved in refuting their awful views? Lots of people follow Elon Mush and Donald Trump and hate them. Personally I wouldn't , I'd rather not see it, but I know other people feel more strongly about that. Or is this person agreeing with them in public? Click to expand... Click to shrink... Given that several of these accounts post offensive shit to stir up hate and bigotry for the sake of it (Radio Genoa, JK Rowling), you can't really give Jordan the benefit of the doubt here. I mean following JK Rowling alone negates this take either way. Who the FUCK wants to hear what she has to say with all the shit she's said and done?? You only do that if you already agree with her.  ALXJ REFANTAZIO SWEEP Uncle Works at Nintendo Member Feb 16, 2021 1,212 yikes... i was looking forward to consider this because some friends will play, now i'll honestly try to change their minds. there's no reason to follow that amount of trash...   EvilBoris Prophet of Truth - HDTVtest Verified Oct 29, 2017 18,082 doops. said: Given that several of these accounts post offensive shit to stir up hate and bigotry for the sake of it (Radio Genoa, JK Rowling), you can't really give Jordan the benefit of the doubt here. I mean following JK Rowling alone negates this take either way. Who the FUCK wants to hear what she has to say with all the shit she's said and done?? Click to expand... Click to shrink... I can't say I understand it , it's all horrid and hateful. I deleted my twitter account because it's all so upsetting.  HellofaMouse Member Oct 27, 2017 8,412 i mean its too late for sifu, that game sold 99% of the copies its gonna sell. but noted for the soccer game, not that i was planning to buy it.. 

May 21, 2025Ravie LakshmananCyber Espionage / Vulnerability Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165. Targets of the campaign include companies involved in the coordination, transport, and delivery of foreign assistance to Ukraine, according to a joint advisory released by agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the bulletin said. The alert comes weeks after France's foreign ministry accused APT28 of mounting cyber attacks on a dozen entities including ministries, defense firms, research entities, and think tanks since 2021 in an attempt to destabilize the nation. Then last week, ESET took the wraps off a campaign dubbed Operation RoundPress that it said has been ongoing since 2023 by exploiting cross-site scripting (XSS) vulnerabilities in various webmail services like Roundcube, Horde, MDaemon, and Zimbra to single out governmental entities and defense companies in Eastern Europe, as well as governments in Africa, Europe, and South America. According to the latest advisory, cyber attacks orchestrated by APT28 are said to have involved a combination of password spraying, spear-phishing, and modifying Microsoft Exchange mailbox permissions for espionage purposes. The primary targets of the campaign include organizations within NATO member states and Ukraine spanning defense, transportation, maritime, air traffic management, and IT services verticals. No less than dozens of entities in Bulgaria, Czechia, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine, and the United States are estimated to have been targeted. Initial access to targeted networks is said to have been facilitated by leveraging seven different methods - Brute-force attacks to guess credentials Spear-phishing attacks to harvest credentials using fake login pages impersonating government agencies and Western cloud email providers that were hosted on free third-party services or compromised SOHO devices Spear-phishing attacks to deliver malware Exploitation of Outlook NTLM vulnerability (CVE-2023-23397) Exploitation of Roundcube vulnerabilities (CVE-2020-12641, CVE-2020-35730, CVE-2021-44026) Exploitation of internet-facing infrastructure such as corporate VPNs using public vulnerabilities and SQL injection Exploitation of WinRAR vulnerability (CVE-2023-38831) Once the Unit 26165 actors gain foothold using one of the above methods, the attacks proceed to the post-exploitation phase, which involves conducting reconnaissance to identify additional targets in key positions, individuals responsible for coordinating transport, and other companies cooperating with the victim entity. The attackers have also been observed using tools like Impacket, PsExec, and Remote Desktop Protocol (RDP) for lateral movement, as well as Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. "The actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection," the agencies pointed out. "The actors used manipulation of mailbox permissions to establish sustained email collection at compromised logistics entities." Another notable trait of the intrusions is the use of malware families like HeadLace and MASEPIE, to establish persistence on compromised hosts and harvest sensitive information. There is no evidence that malware variants like OCEANMAP and STEELHOOK have been used to directly target logistics or IT sectors. During data exfiltration, the threat actors have relied on different methods based on the victim environment, often utilizing PowerShell commands to create ZIP archives to upload the collected data to their own infrastructure, or employing Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) to siphon information from email servers. "As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine's territorial defense, Unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid," the agencies said. "These actors have also targeted internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments." The disclosure comes as Cato Networks revealed that suspected Russian threat actors are leveraging Tigris Object Storage, Oracle Cloud Infrastructure (OCI) Object Storage, and Scaleway Object Storage to host fake reCAPTCHA pages that make use of ClickFix-style lures to trick users into downloading Lumma Stealer. "The recent campaign leveraging Tigris Object Storage, OCI Object Storage, and Scaleway Object Storage builds upon earlier methods, introducing new delivery mechanisms aimed at evading detection and targeting technically proficient users," researchers Guile Domingo, Guy Waizel, and Tomer Agayev said. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

May 20, 2025Ravie LakshmananMalware / Cyber Espionage High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. "The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content," Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas Thevendaran said in a report shared with The Hacker News. The attack chains leverage spear-phishing lures as a starting point to activate the infection process and deploy a known malware referred to as StealerBot. It's worth pointing out that the modus operandi is consistent with recent SideWinder attacks documented by Kaspersky in March 2025. Some of the targets of the campaign, per Acronis, include Bangladesh's Telecommunication Regulatory Commission, Ministry of Defence, and Ministry of Finance; Pakistan's Directorate of Indigenous Technical Development; and Sri Lanka's Department of External Resources, Department of Treasury Operations, Ministry of Defence, and Central Bank. The attacks are characterized by the use of years-old remote code execution flaws in Microsoft Office (CVE-2017-0199 and CVE-2017-11882) as initial vectors to deploy malware capable of maintaining persistent access in government environments across South Asia. The malicious documents, when opened, trigger an exploit for CVE-2017-0199 to deliver next-stage payloads that are responsible for installing StealerBot by means of DLL side-loading techniques. One noteworthy tactic adopted by SideWinder is that the spear-phishing emails are coupled with geofenced payloads to ensure that only victims meeting the targeting criteria are served the malicious content. In the event the victim's IP address does not match, an empty RTF file is sent instead as a decoy. The malicious payload is an RTF file that weaponizes CVE-2017-11882, a memory corruption vulnerability in the Equation Editor, to launch a shellcode-based loader that runs the StealerBot malware. StealerBot, according to Kaspersky, is a .NET implant that's engineered to drop additional malware, launch a reverse shell, and collect a wide range of data from compromised hosts, including screenshots, keystrokes, passwords, and files. "SideWinder has demonstrated consistent activity over time, maintaining a steady pace of operations without prolonged inactivity — a pattern that reflects organizational continuity and sustained intent," the researchers said. "A closer analysis of their tactics, techniques, and procedures (TTPs) reveals a high degree of control and precision, ensuring that malicious payloads are delivered only to carefully selected targets, and often only for a limited time." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

May 13, 2025Ravie LakshmananVulnerability / Threat Intelligence A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign include natural gas distribution networks, water and integrated waste management utilities in the United Kingdom, medical device manufacturing plants oil and gas exploration and production companies in the United States, and government ministries in Saudi Arabia that are responsible for investment strategy and financial regulation. The findings are based on a publicly exposed directory uncovered on attacker-controlled infrastructure ("15.204.56[.]106") that contained event logs capturing the activities across multiple compromised systems. The Dutch cybersecurity company has attributed the intrusions to Chinese threat activity clusters tracked as UNC5221, UNC5174, and CL-STA-0048, the last of which was linked to attacks targeting high-value targets in South Asia by exploiting known vulnerabilities in public-facing IIS, Apache Tomcat, and MS-SQL servers to drop web shells, reverse shells, and the PlugX backdoor. It also noted that an uncategorized China-nexus threat actor is conducting a widespread internet scanning and exploitation campaign against SAP NetWeaver systems. The server hosted at the IP address "15.204.56[.]106" has been found to contain multiple files, including - "CVE-2025-31324-results.txt," which has recorded 581 SAP NetWeaver instances compromised and backdoored with a web shell "服务数据_20250427_212229.txt," which lists 800 domains running SAP NetWeaver likely for future targeting "The exposed open-dir infrastructure reveals confirmed breaches and highlights the group's planned targets, offering clear insight into both past and future operations," Büyükkaya noted. The exploitation of CVE-2025-31324 is followed by the threat actor deploying two web shells that are designed to maintain persistent remote access to the infected systems and execute arbitrary commands. In addition, three different Chinese hacking groups have been observed exploiting the SAP NetWeaver vulnerability as part of efforts to maintain remote access, conduct reconnaissance, and drop malicious programs - CL-STA-0048, which has attempted to establish an interactive reverse shell to "43.247.135[.]53," an IP address previously identified as used by the threat actor UNC5221, which has leveraged a web shell to deploy KrustyLoader, a Rust-based malware that can used to serve second-stage payloads like Sliver, set up persistence, and execute shell commands UNC5174, which has leveraged a web shell to download SNOWLIGHT, a loader that initiates a connection with a hard-coded server to fetch a Go-based remote access trojan named VShell and a backdoor known as GOREVERSE "China-linked APTs are highly likely to continue targeting internet-exposed enterprise applications and edge devices to establish long-term strategic and persistence access to critical infrastructure networks globally," Büyükkaya said. "Their focus on widely used platforms like SAP NetWeaver is a strategic move, as these systems are deeply integrated into enterprise environments and often host unpatched vulnerabilities." SAP Patches New NetWeaver Flaw in May 2025 Patch The disclosure comes days after another China-linked unnamed threat actor dubbed Chaya_004 has also been attributed to the exploitation of CVE-2025-31324 to deploy a Go-based reverse shell called SuperShell. SAP security firm Onapsis said it is "seeing significant activity from attackers who are using public information to trigger exploitation and abuse web shells placed by the original attackers, who have currently gone dark." Further analysis of these attacks has led to the discovery of another critical defect in NetWeaver's Visual Composer Metadata Uploader component. Tracked as CVE-2025-42999 (CVSS score: 9.1), it has been described as a deserialization vulnerability that could be exploited by a privileged user to upload untrusted or malicious content. In light of ongoing active exploitation, customers of SAP NetWeaver are recommended to update their instances to the latest version as soon as possible. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    