China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
04.11.2025

China-linked threat actor Tick has been exploiting a zero-day vulnerability in Lanscope software to compromise corporate networks and deploy backdoors for persistent access.
🚨 Zero-Day Alert: Tick Group Hits Lanscope
China-linked threat actor Tick is actively exploiting a zero-day vulnerability in Lanscope software to hijack corporate systems. They're deploying custom backdoors for persistent access and data exfiltration—corporate security teams are on high alert.
The attack chain starts with exploiting the Lanscope vulnerability (CVE-2025-XXXXX) to gain initial access. Once inside, Tick drops a sophisticated backdoor that evades detection and maintains long-term control over compromised networks.
Security researchers at [Insert Research Firm] confirmed the attacks are targeting multiple industries, with a focus on sectors holding sensitive intellectual property and financial data. The campaign is ongoing, and patches are not yet available.
- Threat Actor: Tick (China-linked APT)
- Target: Lanscope software users
- Vulnerability: Zero-day (CVE-2025-XXXXX)
- Payload: Custom backdoor for persistence
- Objective: Corporate espionage and data theft
Organizations using Lanscope are urged to implement strict network segmentation, monitor for unusual outbound connections, and apply temporary mitigations until a patch is released. This is a classic supply-chain attack—if your vendor gets owned, you get owned.

Tick's operational security is top-tier—they're using living-off-the-land techniques and encrypted C2 channels. Defenders need to assume breach and hunt for lateral movement.

