
The Sharp Taste of Mimo’lette: Analyzing Mimo’s Latest Campaign Targeting Craft CMS

Introduction
Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale villain, Mimo didn’t leave glass slippers—just suspicious payloads. Between February 28 and May 2, multiple exploitations of CVE-2025-32432 were observed during our daily threat monitoring. This vulnerability is a remote code execution flaw affecting the Craft content management system (CMS).

This report presents an analysis of the compromise chain initiated by the exploitation of CVE-2025-32432, as observed on our honeypot. Our investigation dissects each intrusion phase, from the initial vulnerability exploitation to the deployment of malicious payloads, including a loader, a cryptocurrency miner, and residential proxyware. We also explore the intrusion set likely responsible for the campaign. Finally, we highlight several detection opportunities based on the tactics and techniques used by this intrusion set.



This post is licensed under CC BY 4.0 by the author.