When Samsung's Magic Turns Tragic: A Tale of Unauthorized Mining

In mid-May 2025, eSentire’s Threat Response Unit (TRU) identified active exploitation of a critical security flaw (CVE-2025-4632) in Samsung MagicINFO 9 Server installations. The vulnerability allows unauthenticated attackers to write arbitrary files, including webshells, with system-level privileges.

Attackers can leverage this to achieve full Remote Code Execution (RCE) on affected systems, which gives them unauthorized initial access to the compromised servers. TRU observed the following activity as the attack progressed…

To read the complete article, see: When Samsung’s Magic Turns Tragic: A Tale of Unauthorized Mining

This post is licensed under CC BY 4.0 by the author.