Security lapse lets researchers view React2Shell hackers’ dashboard
Summary
Researchers have discovered a security lapse that allowed them to view the dashboard of a threat group, dubbed UAT-10608, which is actively exploiting the React2Shell vulnerability. This group is using the exploit to steal credentials, keys, and tokens from various cloud services and platforms, including AWS, Azure, and OpenAI. A fix for the React2Shell vulnerability was released four months prior to this discovery.
IFF Assessment
This is bad news for defenders: it reveals a sophisticated, large-scale credential-harvesting operation actively exploiting a known vulnerability for which a fix already exists, which points to ongoing attacks and potentially widespread compromise.
Severity
Defender Context
This incident highlights the critical importance of timely patching, especially for vulnerabilities like React2Shell that are actively exploited. Defenders should prioritize updating Next.js applications and review access controls for cloud services and sensitive credentials. The scale of this attack, compromising 766 hosts in 24 hours, underscores the need for robust security monitoring and incident response capabilities.
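The first step the Defender Context recommends, finding which Next.js applications still need the update, is easiest when it is scripted against the repositories an organization actually owns. The inventory script below is an added example written for this summary; it is not code from the article, the researchers, or the Next.js project. It walks a directory tree, reads each `package.json`, and flags the `next` dependency when its pinned version is below a threshold. The patched Next.js version is not stated on this page, so the `14.0.0` default used here is a placeholder to be replaced with the version named in the vendor advisory; the sample manifests are constructed for the stand-alone run.

```python
"""Inventory Next.js versions across package.json files and flag those below
a patched-version threshold (added example; threshold is a placeholder)."""
import json
import os
import re
import sys
from pathlib import Path
from typing import Dict, Iterator, Optional, Tuple

# Accepts specs such as "^14.2.3", "~12.3.4", ">=13.0.0 <14", "v14.2.3".
# Pre-release suffixes (e.g. "-canary.5") are ignored for the comparison.
_VERSION_RE = re.compile(r"^[\^~>=<\s]*v?(\d+)\.(\d+)\.(\d+)")

# Packages to inventory. Only "next" is named on the page; extend as needed.
WATCHED_PACKAGES = ("next",)


def parse_version(spec: str) -> Optional[Tuple[int, ...]]:
    """Return (major, minor, patch) from a dependency spec, or None when the
    spec pins no concrete version (e.g. "latest", a git URL, a tag)."""
    m = _VERSION_RE.match(spec.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def needs_update(spec: str, fixed: str) -> Optional[bool]:
    """True if spec resolves below `fixed`, False if at or above it,
    None if either side cannot be parsed (treat as 'needs manual review')."""
    have, want = parse_version(spec), parse_version(fixed)
    if have is None or want is None:
        return None
    return have < want


def scan_package_json(text: str, fixed: str,
                      packages=WATCHED_PACKAGES) -> Dict[str, Tuple[str, str]]:
    """Return {package: (spec, status)} for watched packages in a manifest;
    status is 'UPDATE', 'ok' or 'unknown'."""
    data = json.loads(text)
    found: Dict[str, Tuple[str, str]] = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            if name in packages:
                verdict = needs_update(str(spec), fixed)
                status = ("unknown" if verdict is None
                          else "UPDATE" if verdict else "ok")
                found[name] = (str(spec), status)
    return found


def scan_tree(root: str, fixed: str) -> Iterator[Tuple[str, Dict[str, Tuple[str, str]]]]:
    """Walk `root` (skipping node_modules) and yield (path, findings) for
    every package.json that references a watched package."""
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != "node_modules"]
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            findings = scan_package_json(Path(path).read_text(encoding="utf-8"), fixed)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        if findings:
            yield path, findings


# Constructed sample manifests (not from any real project) for a stand-alone run.
SAMPLE_MANIFESTS = {
    "apps/portal/package.json": '{"dependencies": {"next": "^14.2.3", "react": "18.3.1"}}',
    "apps/legacy/package.json": '{"dependencies": {"next": "~12.3.4"}}',
    "apps/lab/package.json": '{"devDependencies": {"next": "latest"}}',
    "tools/cli/package.json": '{"dependencies": {"commander": "^12.0.0"}}',
}


def scan_samples(fixed: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Run the manifest scanner over the constructed samples."""
    results = {}
    for path, text in SAMPLE_MANIFESTS.items():
        findings = scan_package_json(text, fixed)
        if findings:
            results[path] = findings
    return results


if __name__ == "__main__":
    # Usage: python inventory.py [ROOT] [FIXED_VERSION]
    # "14.0.0" is a PLACEHOLDER; substitute the patched version from the advisory.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    threshold = sys.argv[2] if len(sys.argv) > 2 else "14.0.0"
    for path, findings in list(scan_tree(root, threshold)) or scan_samples(threshold).items():
        for pkg, (spec, status) in findings.items():
            print(f"{status:8} {pkg:6} {spec:12} {path}")
```

Manifests whose `next` entry cannot be parsed (`latest`, a git URL) are reported as `unknown` rather than silently passed, because those are exactly the projects whose real installed version has to be confirmed from the lockfile or the deployed bundle; an inventory that only reports confirmed-old versions would miss them.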