Scworld
China-linked Hackers Exploit Lanscope Zero-Day to Deploy Gokcpdoor Malware
First seen 4 Nov 2025, 11:09 UTC
•
•85% similarity
•51.1
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Cyber-espionage group Bronze Butler, also known as Tick, has exploited a zero-day vulnerability in Motex Lanscope Endpoint Manager, identified as CVE-2025-61932. This critical request origin verification flaw was used to deploy an updated version of the Gokcpdoor malware to steal confidential information. The attacks were observed by Sophos researchers in mid-2025 before the vulnerability was patched.
ThreatCluster AI