
XE Group shifts from credit card skimming to exploiting zero-days

  • February 10, 2025

Jasper_The_Rasper
Moderator

February 10, 2025 By Pierluigi Paganini

 

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells and web shells in recent attacks.

A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group.

Active since at least 2013, XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks.

“XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities. Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics,” reads the analysis published by Intezer.

“XE Group’s recent activities showcase their progression to exploiting zero-day vulnerabilities, signaling a strategic shift toward more advanced and impactful operations. This evolution reflects a commitment to adopting cutting-edge techniques and persistent attack strategies to achieve their objectives.”

The group was spotted using zero-day vulnerabilities in Advantive VeraCore, tracked as CVE-2024-57968 (CVSS score of 9.9) and CVE-2025-25181 (CVSS score of 5.8), to install reverse shells and web shells and to maintain persistence.

 
