All topics
The flaw is in the way that the telnetd server handles some specific user-supplied data. An attacker who exploits this vulnerability would be able to bypass the authentication path and gain root privileges.
The network was linked to various attacks in 2023 and 2024, including ones against Swedish authorities and bank websites, and a wave of 14 different attacks on more than 250 German companies.
The takedown marks a significant blow to the cybercrime-as-a-service ecosystem, which fuels large-scale, automated fraud.
From their roles as the driving forces behind pioneering web appsec firm WhiteHat Security to building out enterprise security programs to breaking large portions of the web, Jeremiah Grossman and Robert Hansen have unique viewpoints on what works and what doesn't.
Active since at least 2022, UAT-7290 demonstrates a significant capacity for conducting deep-seated espionage while simultaneously functioning as an initial access group.
After a peak of more than 430,000 attack sessions in late December, daily volumes targeting React2Shell have stabilized in the 300,000 to 400,000 range.
