VulnHub

Real-time Cybersecurity News

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

The Hacker News
Actively Exploited
LinuxExploitVulnerabilityUpdateMalwareTrojanCritical

Overview

North Korea-linked cyber actors are exploiting a recently identified vulnerability in React Server Components known as React2Shell to deploy a new remote access trojan called EtherRAT. This malware utilizes Ethereum smart contracts to manage command-and-control communications and can establish multiple persistence mechanisms on Linux systems. The emergence of EtherRAT marks a concerning development as it allows attackers to maintain access to compromised systems. Companies using React Server Components need to be vigilant and update their systems to mitigate this risk. The situation emphasizes the ongoing threat posed by state-sponsored hacking groups and the importance of timely patching of known vulnerabilities.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: React Server Components (RSC), Linux systems
  • Action Required: Update systems to patch the React2Shell vulnerability; specific patch details not provided.
  • Timeline: Newly disclosed

Original Article Summary

Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote access trojan dubbed EtherRAT. "EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and

Impact

React Server Components (RSC), Linux systems

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Update systems to patch the React2Shell vulnerability; specific patch details not provided.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Linux, Exploit, Vulnerability, and 4 more.

Read Original Article

Related Coverage

ROCA: Infineon TPM and Secure Element RSA Vulnerability Guidance

NCSC Feed

The ROCA vulnerability affects certain Infineon Trusted Platform Modules (TPMs) and Secure Elements, which are used in various devices for secure cryptographic functions. This flaw allows attackers to potentially recover private RSA keys, compromising the security of encrypted communications and data for users. Devices that utilize these components could be at risk, making it crucial for manufacturers and users to assess their systems. The vulnerability is significant because it could expose sensitive information and undermine trust in security protocols. Users and organizations that rely on affected devices need to take immediate action to secure their systems and protect their data.

Feb 28, 3025

Cyber Assessment Framework 3.2

NCSC Feed

The latest version of the Cyber Assessment Framework (CAF) has been released, aiming to address the rising threats to critical national infrastructure. This update emphasizes the need for organizations to reassess their cybersecurity strategies in light of evolving risks. The framework aims to provide guidance on how to enhance resilience against potential cyberattacks that could impact essential services and systems. It is particularly relevant for government agencies, utility providers, and other sectors that rely on critical infrastructure. By adopting the updated CAF, organizations can better prepare for and mitigate the risks posed by increasingly sophisticated cyber threats.

Jan 22, 2277

Askul confirms theft of 740k customer records in ransomware attack

BleepingComputer

Askul Corporation, a major Japanese e-commerce company, reported a ransomware attack by the hacker group RansomHouse, resulting in the theft of approximately 740,000 customer records. The breach, which occurred in October, raises significant concerns about the security of customer data and the potential for identity theft or fraud. Askul has not disclosed the specific types of information taken, but the volume of records suggests that sensitive personal information may be involved. This incident highlights the ongoing challenges faced by companies in protecting consumer data against increasingly sophisticated cyber threats. Customers of Askul should remain vigilant and monitor their accounts for any suspicious activity.

Dec 15, 2025

AI is causing all kinds of problems in the legal sector

CyberScoop

AI technology is increasingly being used in the legal sector, but it's also leading to significant challenges. Reports indicate that AI-generated disinformation and deepfakes are creating chaos in courtrooms, undermining the integrity of legal proceedings. This misuse of technology can result in wrongful convictions and erode trust in the judicial system. Legal professionals are grappling with how to address these issues, which are becoming more prevalent as AI tools evolve. The implications of AI misapplication in legal contexts could have lasting effects on justice and accountability.

Dec 15, 2025

Ongoing SoundCloud issue blocks VPN users with 403 server error

BleepingComputer

SoundCloud is currently facing an issue where users trying to access the audio streaming platform via a VPN are encountering a 403 'forbidden' error. This error prevents users from reaching the service, which can be particularly frustrating for those relying on VPNs for privacy or to bypass geo-restrictions. The problem is affecting a significant number of users, although SoundCloud has not yet provided a clear explanation or timeline for a fix. This situation raises concerns about user access and the effectiveness of VPNs when it comes to streaming services, as it highlights potential limitations in using these tools for privacy. As the issue persists, users may need to consider alternative methods to access SoundCloud or wait for an official resolution from the platform.

Dec 15, 2025

Militant Groups Are Experimenting With AI, and the Risks Are Expected to Grow

SecurityWeek

Militant groups are increasingly turning to artificial intelligence to enhance their operations, particularly in spreading propaganda and creating deepfakes. This trend raises concerns about their ability to reach wider audiences and manipulate public perception more effectively. By automating content production, these groups can generate misleading information at scale, which could undermine trust in media and influence vulnerable populations. As the technology becomes more accessible, the potential for misuse grows, posing a significant challenge for governments and security agencies tasked with countering extremist narratives. It’s crucial for society to remain vigilant about the implications of AI in the hands of those with harmful intentions.

Dec 15, 2025