U.S.-based chemicals company

Hackers exploited a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy the Auto-Color Linux malware in a cyberattack. The attack started on April 25, 2025, and active exploitation occurred two days later. The malware, known for its evasive tactics and difficulty in eradication, features capabilities such as arbitrary command execution, file modification, and a reverse shell for full remote access. The attack was discovered by Darktrace during an incident response in April 2025. The vulnerability allows unauthenticated attackers to upload malicious binaries for remote code execution.

Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/

TPRM report: https://scoringcyber.rankiteo.com/company/darktrace

"id": "dar231072925",
"linkid": "darktrace",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Chemicals',
                        'location': 'United States',
                        'type': 'Chemicals Company'}],
 'attack_vector': 'Exploitation of SAP NetWeaver vulnerability',
 'date_detected': '2025-04-25',
 'description': 'Hackers exploited a critical SAP NetWeaver vulnerability '
                '(CVE-2025-31324) to deploy the Auto-Color Linux malware in a '
                'cyberattack on a U.S.-based chemicals company.',
 'initial_access_broker': {'backdoors_established': 'Auto-Color malware',
                           'entry_point': 'CVE-2025-31324'},
 'post_incident_analysis': {'corrective_actions': 'Apply security updates or '
                                                  'mitigations provided in the '
                                                  'customer-only SAP bulletin',
                            'root_causes': 'Exploitation of CVE-2025-31324'},
 'recommendations': 'Administrators should act quickly to apply the security '
                    'updates or mitigations provided in the customer-only SAP '
                    'bulletin.',
 'references': [{'source': 'Darktrace'}],
 'title': 'Cyberattack on U.S.-based Chemicals Company Exploiting SAP '
          'NetWeaver Vulnerability',
 'type': 'Malware',
 'vulnerability_exploited': 'CVE-2025-31324'}