The attackers used a custom JAR web shell, labeled “VersaMem” by Black Lotus Labs, that employs Java instrumentation and Javassist to inject code into the Tomcat web server process memory ...
The Chinese APT group leveraged the vulnerability to deploy a web shell that stole credentials from Versa Director SD-WAN deployments of ISPs, MSPs, and IT companies. State-sponsored Chinese ...
It's believed that the threat actors may have been testing the web shell in the wild on non-U.S. victims before deploying it to U.S. targets. The web shell "leverages Java instrumentation and ...