The Chinese APT group Bronze Butler exploited a critical zero-day vulnerability in Lanscope, an endpoint management platform used by 25% of listed Japanese companies and 33% of the country's financial institutions. The flaw (CVE-2025-61932) scored 9.8/10 severity and allowed hackers complete system access through missing security checks.
Sophos researchers discovered Bronze Butler had been exploiting this vulnerability since mid-2025, months before its October disclosure. The attackers deployed their Gokcpdoor backdoor and stole sensitive data from multiple organizations.
Motex has released a patch, and only 50-160 on-premises servers were exposed online. CISA added the vulnerability to its Known Exploited list, while Japanese authorities confirmed domestic victims since April 2025.
Source: Dark Reading