Automated Credential Harvesting Campaign Exploits React2Shell Flaw
Summary
A newly identified threat cluster, tracked as UAT-10608, is actively exploiting the React2Shell flaw in internet-exposed Next.js applications. The cluster uses an automated tool to harvest credentials, secrets, and other sensitive system data from the compromised application hosts.
IFF Assessment
FOE
The campaign shows exploitation of a widely deployed web framework flaw being automated end to end, from initial exploitation to credential theft, so any exposed, unpatched application can be compromised and looted at scale. It is a direct threat to organizations running affected Next.js deployments.
Defender Context
Internet-exposed Next.js applications that have not been patched against React2Shell remain at risk. Defenders should prioritize updating affected applications; treat any secret reachable from a compromised application process (environment variables, dotenv and configuration files, mounted key material, cloud credentials) as stolen and rotate it; keep long-lived secrets out of the application environment where possible; and monitor for unexpected outbound connections from application hosts and unusual access to secret stores, which are the observable signs of this kind of exfiltration.
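The rotation step above depends on knowing what a harvester could have read from the application host. The following is an added example, not code from the original report or from the campaign's tooling: a small Node.js inventory that classifies secret-looking material in the process environment and in dotenv and key files, producing a redacted list a responder can use as a rotation checklist. Names, regular expressions and the sample host state are assumptions constructed for illustration; on a real host, feed it process.env and the contents of the files the application user can read.

```javascript
// Added example (not from the original report or the campaign's tooling).
// Inventories the credential material an attacker with code execution on a
// Next.js host could read, so the responder knows what to rotate. Inputs are
// plain objects; on a real host, build them from process.env and
// fs.readFileSync. All sample data below is constructed.

// Heuristic: variable names that usually carry credentials (an assumption
// about naming conventions; extend for your environment).
const SECRET_NAME_RE = /(secret|token|passw(or)?d|api[_-]?key|private[_-]?key|credential)/i;

// Value-shape detectors for well-known credential formats.
const VALUE_DETECTORS = [
  { kind: 'aws_access_key_id', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { kind: 'private_key_pem', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { kind: 'jwt', re: /\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\b/ },
  { kind: 'github_token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { kind: 'database_url', re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/[^\s:@\/]+:[^\s@]+@/i },
];

// Short, non-reversible preview so the inventory itself is safe to share.
function redact(value) {
  const s = String(value);
  if (s.length <= 8) return '*'.repeat(s.length);
  return s.slice(0, 4) + '...' + '*'.repeat(Math.min(s.length - 4, 12));
}

// Classify one name/value pair; null means nothing secret-looking.
function classify(name, value) {
  const v = String(value);
  const kinds = VALUE_DETECTORS.filter((d) => d.re.test(v)).map((d) => d.kind);
  if (kinds.length === 0 && v.length > 0 && SECRET_NAME_RE.test(name)) kinds.push('named_secret');
  return kinds.length > 0 ? kinds : null;
}

// Parse dotenv-style text: NAME=value per line, optional "export" and quotes.
function parseDotenv(text) {
  const pairs = [];
  for (const line of String(text).split('\n')) {
    const m = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/);
    if (!m) continue;
    pairs.push([m[1], m[2].replace(/^(["'])(.*)\1$/, '$2')]);
  }
  return pairs;
}

// env: name -> value; files: path -> contents. Returns one finding per secret.
function inventorySecrets(env, files) {
  const findings = [];
  for (const [name, value] of Object.entries(env)) {
    const kinds = classify(name, value);
    if (kinds) findings.push({ source: 'env', name, kinds, preview: redact(value) });
  }
  const pem = VALUE_DETECTORS.find((d) => d.kind === 'private_key_pem');
  for (const [path, contents] of Object.entries(files)) {
    const text = String(contents);
    if (pem.re.test(text)) {
      // Key files are reported whole rather than line by line.
      findings.push({ source: path, name: '(file)', kinds: ['private_key_pem'], preview: '' });
      continue;
    }
    for (const [name, value] of parseDotenv(text)) {
      const kinds = classify(name, value);
      if (kinds) findings.push({ source: path, name, kinds, preview: redact(value) });
    }
  }
  return findings;
}

// Count findings per kind: the rotation checklist for the responder.
function summarize(findings) {
  const counts = {};
  for (const f of findings) for (const k of f.kinds) counts[k] = (counts[k] || 0) + 1;
  return counts;
}

// Constructed sample host state (not from any real system). The AWS key ID is
// the documentation example key; the other values are placeholders.
const SAMPLE_ENV = {
  NODE_ENV: 'production',
  PORT: '3000',
  DATABASE_URL: 'postgres://app:Sup3rS3cret@db.internal:5432/app',
  AWS_ACCESS_KEY_ID: 'AKIAIOSFODNN7EXAMPLE',
  AWS_SECRET_ACCESS_KEY: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
  NEXT_PUBLIC_SITE_NAME: 'Example Shop',
};
const SAMPLE_FILES = {
  '/app/.env.local': 'STRIPE_API_KEY="sk_test_constructed0000"\nLOG_LEVEL=info\n',
  '/home/node/.ssh/id_ed25519': '-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n-----END OPENSSH PRIVATE KEY-----\n',
};

if (typeof require !== 'undefined' && require.main === module) {
  const findings = inventorySecrets(SAMPLE_ENV, SAMPLE_FILES);
  console.log(JSON.stringify({ findings, summary: summarize(findings) }, null, 2));
}
```

Run with `node inventory.js` on the host under investigation after replacing the sample objects with `process.env` and the files the application user can read. Everything the script finds should be assumed compromised once exploitation is confirmed; the redacted previews let the list be shared with the owning teams without re-exposing the values.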