Close Menu

China-Linked Tick Group Exploits Lanscope Zero-Day to Seize Corporate Systems

Staff WriterBy No Comments2 Mins Read2 Views

Top Highlights

  1. Critical Vulnerability Exploited: A severe security flaw (CVE-2025-61932) in Motex Lanscope Endpoint Manager, with a CVSS score of 9.3, is being actively exploited by the cyber espionage group Tick to execute remote commands on affected systems.

  2. Sophisticated Attack Methods: Tick employs a backdoor known as Gokcpdoor, enabling a remote proxy connection and malicious command execution, accompanied by the Havoc post-exploitation framework for lateral movement.

  3. Use of Diverse Tools: The attack leverages tools like goddi for Active Directory data extraction, Remote Desktop for backdoor access, and cloud services for data exfiltration during remote sessions.

  4. Historical Patterns: Tick has a history of exploiting zero-day vulnerabilities, previously compromising systems using an unpatched flaw in 2017, highlighting the need for organizations to update vulnerable servers and assess their exposure.

Cyber Espionage Group Exploits Critical Vulnerability

Recent reports reveal that a sophisticated cyber espionage group, known as Tick, has exploited a significant security flaw in Motex Lanscope Endpoint Manager. This vulnerability, identified as CVE-2025-61932, received a concerning CVSS score of 9.3. Attackers can execute arbitrary commands on affected systems, compromising sensitive corporate data. Authorities have confirmed that these exploits have successfully deployed backdoors in targeted networks. Tick has a history of targeting organizations in East Asia, particularly in Japan, and has been active since at least 2006.

Consequently, cybersecurity experts emphasize the need for urgent action. Organizations utilizing Lanscope should quickly assess their systems to prevent unauthorized access. Those operating vulnerable versions must consider upgrading or reevaluating their security protocols.

Advanced Techniques Used for Data Exfiltration

The exploitation campaign involved the deployment of the Gokcpdoor backdoor, which facilitates remote command execution. This tool establishes proxy connections and creates covert communication channels. Attackers have also utilized the Havoc post-exploitation framework, which allows them to move laterally within networks and exfiltrate data effectively.

Moreover, Tick’s tactics include the use of open-source tools and legitimate software for their operations. These methods enhance their ability to harvest data from compromised systems. Experts encourage organizations to scrutinize their internet-facing Lanscope servers for any unnecessary exposure to potential threats. By implementing robust security measures, companies can better safeguard their networks against such advanced cyber threats.

Expand Your Tech Knowledge

Dive deeper into the world of Cryptocurrency and its impact on global finance.

Access comprehensive resources on technology by visiting Wikipedia.

DataProtection-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Comments are closed.