
Hackers Target SAP NetWeaver to Deploy New Auto-Color Linux Malware


Cybersecurity researchers at Darktrace have uncovered a sophisticated attack targeting a US-based chemicals company, marking the first observed instance of threat actors exploiting SAP NetWeaver vulnerabilities to deploy Auto-Color backdoor malware.

The incident, which occurred over three days in April 2025, demonstrates an alarming evolution in cyber attack tactics, combining enterprise software exploitation with advanced Linux malware.

Critical Vulnerability Exploitation

The attack leveraged CVE-2025-31324, a critical vulnerability in SAP NetWeaver disclosed on April 24, 2025.

This security flaw enables malicious actors to upload files to SAP NetWeaver application servers, potentially leading to remote code execution and complete system compromise.

Despite urgent disclosure from SAP SE, the vulnerability has been actively exploited across multiple systems since its revelation.

[Figure: A timeline breaking down the stages of the attack]

The threat actor initiated reconnaissance on April 25, probing the target’s internet-facing systems with suspicious URI patterns containing “/developmentserver/metadatauploader”.

Active exploitation began ...
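For defenders who want to check their own web or reverse-proxy logs for the URI pattern named above, the following is an added example and not code from Darktrace, SAP or the original article. It assumes Apache/NGINX "combined" access-log lines and treats a successful POST as the higher-priority case; the sample lines, function names and labels are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# URI fragment the article reports in the reconnaissance requests.
INDICATOR = "/developmentserver/metadatauploader"

# Assumption: logs use the Apache/NGINX "combined" access-log layout.
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(uri: str) -> str:
    """Decode percent-encoding twice, lowercase, and collapse repeated slashes."""
    path = unquote(unquote(uri)).lower()
    return re.sub(r"/{2,}", "/", path)

def find_hits(lines):
    """Return {source: [(timestamp, method, status), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and INDICATOR in normalize(m["uri"]):
            hits[m["src"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def triage(hits):
    """Label each source. Assumption: a 2xx POST deserves review before probes."""
    report = {}
    for src, events in hits.items():
        posted_ok = any(meth == "POST" and 200 <= st < 300 for _, meth, st in events)
        report[src] = "review-upload" if posted_ok else "probe-only"
    return report

# Constructed sample lines using documentation IP ranges; not incident data.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2025:10:02:11 +0000] "GET /developmentserver/metadatauploader HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.7 - - [01/Jan/2025:10:02:15 +0000] "HEAD /DevelopmentServer//MetadataUploader HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.9 - - [01/Jan/2025:11:40:03 +0000] "POST /developmentserver/metadata%2575ploader HTTP/1.1" 200 31 "-" "-"',
    '192.0.2.44 - - [01/Jan/2025:11:41:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for src, label in sorted(triage(find_hits(SAMPLE)).items()):
        print(src, label)
```

Matching on the normalized path rather than the raw request line catches mixed-case, doubled-slash and percent-encoded variants that a plain string search would miss.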


Copyright of this story solely belongs to gbhackers.