The attackers used a custom JAR web shell - labeled “VersaMem” by Black Lotus Labs - that employs Java instrumentation and Javassist to inject code into the Tomcat web server process memory ...
The Chinese APT group leveraged the vulnerability to deploy a web shell that stole credentials from Versa Director SD-WAN deployments of ISPs, MSPs, and IT companies. State-sponsored Chinese ...