All topics
This activity shares some similarities with a campaign that researchers at Arctic Wolf identified in December. That campaign started soon after Fortinet disclosed two authentication bypass flaws (CVE-2025-59718 and CVE-2025-59719).
The flaw is in the way that the telnetd server handles some specific user-supplied data. An attacker who exploits this vulnerability would be able to bypass the authentication path and gain root privileges.
The network was linked to various attacks in 2023 and 2024, including ones against Swedish authorities and bank websites, and a wave of 14 different attacks on more than 250 German companies.
The takedown marks a significant blow to the cybercrime-as-a-service ecosystem, which fuels large-scale, automated fraud.
From their roles as the driving forces behind pioneering web appsec firm WhiteHat Security to building out enterprise security programs to breaking large portions of the web, Jeremiah Grossman and Robert Hansen have unique viewpoints on what works and what doesn't.
Active since at least 2022, UAT-7290 demonstrates a significant capacity for conducting deep-seated espionage while simultaneously functioning as an initial access group.
