Close Menu
Cyberattacks

China-Linked Hackers Target SAP and SQL Server Vulnerabilities in Asia and Brazil

Staff WriterBy No Comments4 Mins Read0 Views

Essential Insights

  1. Targeted Exploits: A China-linked threat actor, dubbed Earth Lamia, is exploiting critical vulnerabilities in SAP NetWeaver and SQL injection flaws to attack organizations across Brazil, India, and Southeast Asia since 2023.

  2. Diverse Targets: The actor has shifted its focus from the financial sector to logistics, online retail, and recently to IT companies, universities, and government organizations, indicating a broadening scope of cyber espionage.

  3. Advanced Techniques: Earth Lamia uses sophisticated tools such as Cobalt Strike, Rakshasa, and custom malware like PULSEPACK, employing DLL side-loading to establish control over compromised servers.

  4. Ransomware Attempts: There have been unsuccessful attempts to deploy the Mimic ransomware against Indian entities, highlighting the actor’s evolving tactics as they actively refine their methodologies for future attacks.

The Core Issue

On May 30, 2025, cybersecurity expert Ravie Lakshmanan reported on a series of cyberattacks attributed to a China-linked threat actor known as Earth Lamia. This collective has been active since 2023, targeting organizations across Brazil, India, and Southeast Asia, exploiting vulnerabilities—particularly SQL injection flaws on web applications—and a critical security flaw in SAP NetWeaver (CVE-2025-31324) to establish footholds within victim networks. Researchers from Trend Micro, who first identified Earth Lamia’s maneuvers, noted that the group’s tactics have evolved, shifting from financial services targets to logistics, online retail, IT firms, educational institutions, and government entities.

The investigations revealed that Earth Lamia employs a diverse arsenal of tools, such as Cobalt Strike, privilege escalation utilities, and custom backdoors like PULSEPACK, facilitating reconnaissance and malware deployment. Notably, despite attempts to utilize Mimic ransomware against Indian organizations, these efforts have often been foiled. The continuous refinement of their techniques and the development of new methodologies highlight the group’s aggressive operational strategies and adaptability in the face of evolving cybersecurity defenses. This multi-national threat reflects a serious and escalating concern within the global cybersecurity landscape, as reported by multiple cybersecurity firms, including Trend Micro and Sophos.

Critical Concerns

The rampant exploitation of vulnerabilities by the China-linked threat actor, Earth Lamia, poses substantial risks not only to the immediate victims but also to a vast network of interdependent businesses, organizations, and users. As these attacks exploit SQL injection vulnerabilities across a spectrum of sectors—ranging from logistics to IT—there exists a tangible threat of collateral damage, where compromised organizations may inadvertently expose sensitive data or serve as conduits for further breaches. This cascading effect can lead to reputational harm, financial loss, and erosion of customer trust, particularly in tightly-knit industries reliant on shared data and services. Moreover, the evolution of these cyber-attacks, characterized by the use of sophisticated tools and backdoors, enables the threat actor to remain agile and adaptive, increasing the likelihood of widespread disruption should these tactics proliferate across other vulnerable entities. The implications are profound, as even organizations initially unaffected may find themselves ensnared in the fallout, underscoring the need for robust cybersecurity measures across all sectors.

Possible Remediation Steps

The pressing nature of cybersecurity necessitates immediate action against threats, particularly when adversaries, such as China-linked hackers, capitalize on vulnerabilities within systems like SAP and SQL Server. Timely remediation mitigates risk and fortifies organizational defenses.

Mitigation Steps

  1. Patch Management: Regularly update systems to rectify vulnerabilities.
  2. Network Segmentation: Divide networks to limit lateral movement of threats.
  3. Intrusion Detection Systems: Deploy technologies to identify and respond to unauthorized access.
  4. User Access Controls: Implement stringent permissions to minimize exposure.
  5. Incident Response Plan: Establish protocols for rapid response to breaches.
  6. Employee Training: Educate staff on cybersecurity best practices and threat awareness.
  7. Backup Solutions: Maintain secure and frequent backups to ensure data recovery.

NIST CSF Guidance

The NIST Cybersecurity Framework (CSF) underscores the importance of proactive measures and continuous monitoring. Specifically, refer to NIST Special Publication 800-53 for comprehensive guidance on security and privacy controls tailored for federal information systems, ensuring a robust defense against evolving threats.

Stay Ahead in Cybersecurity

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Access world-class cyber research and guidance from IEEE.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.