Scworld
China-linked Bronze Butler Exploits Motex Lanscope Zero-Day Vulnerability
First seen 2 Dec 2025, 18:33 UTC
•
•85% similarity
•68.7
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
China-linked cyber-espionage group Bronze Butler, also known as Tick, exploited a zero-day vulnerability in Motex Lanscope Endpoint Manager, identified as CVE-2025-61932. This critical request origin verification flaw was used to deploy an updated version of their Gokcpdoor malware to steal confidential information. The exploitation was observed by Sophos researchers in mid-2025 before a patch was released.
ThreatCluster AI